Archive - Please check my log

The archive is a frozen moment from a previous version of this forum, with different rules and different people in charge. These posts in no way reflect our current ideas, values or world views, and in some places they have been censored as inadmissible. Many were written in a different zeitgeist, ironically or otherwise - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. Still, we are happy to offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

D--Amo

Legacy Member
I'm having some problems with my PC. When I try to sign in to MSN, MSN crashes. And when I then look in Task Manager I see MSN listed twice, even though I'm certain I only opened it once.

I then ran a scan with Malwarebytes, which found no fewer than 23 infections. But when I tried to remove them, MB crashed, so that doesn't work either.

I've now done a System Restore and MSN works again, but to be safe I'm posting a log anyway. Maybe you can see what's going on.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:15, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\SMSC\SetIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\bcd3kcpan.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SetIcon] \Windows\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: chpgex.dllavgrsstx.dll knlpxu.dll licxvn.dll xqtrld.dll dubtlk.dll fegqyt.dll yaakdp.dll qvtxlu.dll lrzihs.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7308 bytes

D--Amo

Legacy Member
No problems since the System Restore, but this has come back several times in the past. If it returns, I'll post another log.

Thanks in advance.

D--Amo

Legacy Member
As expected, the same problems are back. This time I haven't done a System Restore or anything like that. I hope you can find something.

Thanks in advance!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:14, on 20/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\SMSC\SetIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\bcd3kcpan.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SetIcon] \Windows\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [7041bfa3] rundll32.exe "C:\WINDOWS\system32\feflafev.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: chpgex.dllavgrsstx.dll knlpxu.dll licxvn.dll xqtrld.dll dubtlk.dll fegqyt.dll yaakdp.dll qvtxlu.dll isenrd.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7388 bytes
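The two logs above differ in exactly the entries a helper would go after: the new `O4` Run value `[7041bfa3]` loading `feflafev.dll` through rundll32, and the `O20` AppInit_DLLs list whose last name changed from `lrzihs.dll` to `isenrd.dll`. As an added example (not part of the thread, not HijackThis code), the Python below diffs two HijackThis logs and flags autostart entries that match those patterns; the excerpts are constructed from the posted logs, the `avgrsstx.dll` allowlist entry is my assumption (AVG's resident shield, consistent with the avg8 folder in the later ComboFix log), and the name heuristics are a triage aid, not a verdict.

```python
import re

# Constructed excerpts of the two HijackThis logs posted above (18 and
# 20 Nov); only the lines needed for the diff are kept.
LOG_18_NOV = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O20 - AppInit_DLLs: chpgex.dllavgrsstx.dll knlpxu.dll licxvn.dll xqtrld.dll dubtlk.dll fegqyt.dll yaakdp.dll qvtxlu.dll lrzihs.dll
"""
LOG_20_NOV = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [7041bfa3] rundll32.exe "C:\WINDOWS\system32\feflafev.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O20 - AppInit_DLLs: chpgex.dllavgrsstx.dll knlpxu.dll licxvn.dll xqtrld.dll dubtlk.dll fegqyt.dll yaakdp.dll qvtxlu.dll isenrd.dll
"""

# Analyst-maintained allowlist for AppInit_DLLs. Assumption: avgrsstx.dll is
# AVG 8's resident-shield hook (the ComboFix log shows an avg8 folder).
# Every other name in that value is reviewed.
KNOWN_APPINIT = {"avgrsstx.dll"}

ENTRY_RE = re.compile(r"^(?P<sect>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<path>[^",]+\.dll)"?(?:,(?P<export>\S*))?', re.I)


def parse_hjt(text):
    """Return the (section, body) entries of a HijackThis log, in order."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m["sect"], m["body"]))
    return out


def diff_hjt(old_text, new_text):
    """Entries that appear in the newer log but not in the older one."""
    old = set(parse_hjt(old_text))
    return [e for e in parse_hjt(new_text) if e not in old]


def looks_random(path):
    """Heuristic: a bare 6-8 lowercase-letter file name (lrzihs.dll,
    feflafev.dll) is typical of generated names; vendor DLLs are usually
    mixed case or descriptive (NvCpl.dll). A hint, not proof."""
    base = path.rsplit("\\", 1)[-1]
    stem = base[:-4] if base.lower().endswith(".dll") else base
    return re.fullmatch(r"[a-z]{6,8}", stem) is not None


def flag_entries(entries):
    """Return (reason, value) pairs for autostart entries worth a closer look."""
    findings = []
    for sect, body in entries:
        if sect == "O20" and body.startswith("AppInit_DLLs:"):
            # HJT prints the value with some names run together
            # ("chpgex.dllavgrsstx.dll"), so split on the .dll suffix.
            for dll in re.findall(r"\S+?\.dll", body.partition(":")[2], re.I):
                if dll.lower() not in KNOWN_APPINIT and looks_random(dll):
                    findings.append(("AppInit_DLLs loads unrecognised DLL", dll))
        elif sect == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # Global Startup .lnk entries and the like
            if re.fullmatch(r"[0-9a-f]{8}", m["key"], re.I):
                findings.append(("Run value named like a random hex id", m["key"]))
            d = RUNDLL_RE.search(m["cmd"])
            # rundll32 itself is normal (NvCplDaemon); the combination of a
            # random DLL name and a one-letter export is what stands out.
            if d and looks_random(d["path"]) and len(d["export"] or "") <= 1:
                findings.append(("rundll32 loads random-named DLL", d["path"]))
    return findings


if __name__ == "__main__":
    for sect, body in diff_hjt(LOG_18_NOV, LOG_20_NOV):
        print("NEW  ", sect, "-", body)
    for reason, value in flag_entries(parse_hjt(LOG_20_NOV)):
        print("FLAG ", reason + ":", value)
```

The same flags would have fired on the first log's AppInit_DLLs value even before the rundll32 entry appeared, which is why an analyst reads `O20` lines before a System Restore hides the symptom.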

Jurgenv1

Legacy Member
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop.
Double-click it to start the program.
In the window that appears, type 1 to run the cleaning and analysis process.
Follow the on-screen instructions.
When the tool is finished, a log file (combofix.txt) opens.
Post the contents of that file together with a new HijackThis log.

D--Amo

Legacy Member
ComboFix 08-11-22.01 - Massimo 2008-11-22 18:13:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.642 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Massimo\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\vlc-0.9.6-win32.exe
c:\documents and settings\Massimo\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\system32\abcKQXyb.ini
c:\windows\system32\abcKQXyb.ini2
c:\windows\system32\agknsf.dll
c:\windows\system32\aqacxdwy.dll
c:\windows\system32\awtsSihI.dll
c:\windows\system32\awtttuRL.dll
c:\windows\system32\awtUmLFu.dll
c:\windows\system32\bixveidt.ini
c:\windows\system32\bkqnbfqh.dll
c:\windows\system32\bsbbbs.dll
c:\windows\system32\cjokod.dll
c:\windows\system32\cpfbsy.dll
c:\windows\system32\dgphjpub.exe
c:\windows\system32\dnjhsh.dll
c:\windows\system32\dnvvjvsq.dll
c:\windows\system32\dvlxmsqq.ini
c:\windows\system32\dycdmltk.dll
c:\windows\system32\efcDSKcC.dll
c:\windows\system32\efcDwxUo.dll
c:\windows\system32\efcYOhfC.dll
c:\windows\system32\efcYRIYq.dll
c:\windows\system32\efcyvUkj.dll
c:\windows\system32\egrnio.dll
c:\windows\system32\eihhmoqw.ini
c:\windows\system32\EV02
c:\windows\system32\EV02\EV022328.exe
c:\windows\system32\fccbYolj.dll
c:\windows\system32\fmredqgu.ini
c:\windows\system32\fqqdfraa.ini
c:\windows\system32\frgtexkr.exe
c:\windows\system32\fsrbopmn.ini
c:\windows\system32\gmdpvdro.dll
c:\windows\system32\gsmmnyey.dll
c:\windows\system32\gxwdrcmu.dll
c:\windows\system32\hbxxstws.ini
c:\windows\system32\hdpdvmut.ini
c:\windows\system32\hgGwTjgh.dll
c:\windows\system32\hgGyxVOi.dll
c:\windows\system32\hlambith.dll
c:\windows\system32\hydqlofn.dll
c:\windows\system32\idgppowo.ini
c:\windows\system32\ihbyvsjs.dll
c:\windows\system32\ikkcww.dll
c:\windows\system32\ipiteh.dll
c:\windows\system32\ipwahcvx.exe
c:\windows\system32\isenrd.dll
c:\windows\system32\iuhppy.dll
c:\windows\system32\jccrvnoq.exe
c:\windows\system32\jkkLEXRJ.dll
c:\windows\system32\kcgpnrmv.exe
c:\windows\system32\keylppwo.dll
c:\windows\system32\khfCsqqr.dll
c:\windows\system32\khfFWpnn.dll
c:\windows\system32\klsfklvv.ini
c:\windows\system32\kmkpjp.dll
c:\windows\system32\kynasmyf.dll
c:\windows\system32\lgdecz.dll
c:\windows\system32\ljJaBQhG.dll
c:\windows\system32\ljJDUlKB.dll
c:\windows\system32\lkqhuo.dll
c:\windows\system32\lrhftwdd.dll
c:\windows\system32\lrpqlrbi.ini
c:\windows\system32\lrvgxz.dll
c:\windows\system32\lrzihs.dll
c:\windows\system32\ltnihhdq.ini
c:\windows\system32\lyqusocb.dll
c:\windows\system32\mlJDtqnm.dll
c:\windows\system32\mlJDvwxX.dll
c:\windows\system32\MSINET.oca
c:\windows\system32\ncdljmbl.ini
c:\windows\system32\neruhu.dll
c:\windows\system32\nspcirjt.dll
c:\windows\system32\nvcmgldq.dll
c:\windows\system32\octxetks.ini
c:\windows\system32\ocxpfsna.dll
c:\windows\system32\omiicatt.exe
c:\windows\system32\opnlLEvU.dll
c:\windows\system32\opnMgDuU.dll
c:\windows\system32\opnooNdd.dll
c:\windows\system32\oujiojhq.dll
c:\windows\system32\pavqkj.dll
c:\windows\system32\pbshcd.dll
c:\windows\system32\pgivpipm.ini
c:\windows\system32\pifgaphi.dll
c:\windows\system32\ppeqacmv.ini
c:\windows\system32\pwggsl.dll
c:\windows\system32\pxmhbt.dll
c:\windows\system32\qbinkrfl.exe
c:\windows\system32\qgaqku.dll
c:\windows\system32\qhhumieg.ini
c:\windows\system32\qidesfnl.dll
c:\windows\system32\qoMdCsQK.dll
c:\windows\system32\qoMgDttT.dll
c:\windows\system32\quyxhx.dll
c:\windows\system32\rbmbwkfs.ini
c:\windows\system32\rbpvtwfp.exe
c:\windows\system32\rkphusfq.dll
c:\windows\system32\roxccygd.ini
c:\windows\system32\rqRJYOeE.dll
c:\windows\system32\rqRJYrRj.dll
c:\windows\system32\rqRLdBqN.dll
c:\windows\system32\rqRLfdDT.dll
c:\windows\system32\rssgoord.ini
c:\windows\system32\sauhcodh.ini
c:\windows\system32\sbahwwcr.exe
c:\windows\system32\sjwumwau.exe
c:\windows\system32\skrsgmpp.exe
c:\windows\system32\smpguw.dll
c:\windows\system32\ssqQgHxX.dll
c:\windows\system32\ssqRHAqN.dll
c:\windows\system32\sueikg.dll
c:\windows\system32\tAbaKkkj.ini
c:\windows\system32\tAbaKkkj.ini2
c:\windows\system32\tokpxblj.dll
c:\windows\system32\tuvSlIYs.dll
c:\windows\system32\tuvTmNDu.dll
c:\windows\system32\tuvUKEtt.dll
c:\windows\system32\tuvVpMcC.dll
c:\windows\system32\txcgswxf.ini
c:\windows\system32\tyyescgn.dll
c:\windows\system32\uedcdipu.ini
c:\windows\system32\urqRHxxy.dll
c:\windows\system32\uyhwabun.ini
c:\windows\system32\uypwvclu.dll
c:\windows\system32\vbbqvibs.dll
c:\windows\system32\vbmhvrtc.ini
c:\windows\system32\vefalfef.ini
c:\windows\system32\vhllhvkh.dll
c:\windows\system32\vmcaqepp.dll
c:\windows\system32\vryniurp.ini
c:\windows\system32\vtUlIAss.dll
c:\windows\system32\vtUlKCur.dll
c:\windows\system32\vtUonkjj.dll
c:\windows\system32\vwwjlwyk.exe
c:\windows\system32\wdmuwbuy.ini
c:\windows\system32\wibivqwc.ini
c:\windows\system32\wvUkJdAs.dll
c:\windows\system32\wvUljIca.dll
c:\windows\system32\XaIQXyay.ini
c:\windows\system32\XaIQXyay.ini2
c:\windows\system32\xoytup.dll
c:\windows\system32\xpcclkya.ini
c:\windows\system32\xxyayAPH.dll
c:\windows\system32\xxyyvTNf.dll
c:\windows\system32\xxyyvWnO.dll
c:\windows\system32\yayvVNee.dll
c:\windows\system32\yayXQIaX.dll
c:\windows\system32\yayYsrQk.dll
c:\windows\system32\yjornv.dll
c:\windows\system32\yqdmbpar.dll
c:\windows\system32\ysgldlpu.dll
c:\windows\system32\zwntyt.dll
J:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-10-22 to 2008-11-22 ))))))))))))))))))))))))))))))
.

2008-11-18 18:26 . 2008-11-18 23:37 <DIR> d-------- c:\documents and settings\Massimo\Application Data\DVD Profiler
2008-11-18 18:25 . 2008-11-18 23:35 <DIR> d-------- c:\program files\DVD Profiler
2008-11-18 17:17 . 2008-11-18 17:17 <DIR> d-------- c:\program files\Trend Micro
2008-11-17 14:56 . 2008-11-17 14:56 <DIR> d-------- c:\windows\system32\dPI02
2008-11-17 14:56 . 2008-11-17 14:56 <DIR> d-------- c:\temp\FT62
2008-11-14 17:26 . 2008-11-15 00:52 128 --a------ c:\documents and settings\Massimo\index.exe
2008-11-12 17:40 . 2008-11-12 17:40 <DIR> d-------- c:\windows\system32\sX3i02
2008-11-12 17:40 . 2008-11-12 17:40 <DIR> d-------- c:\temp\PRE45
2008-11-08 12:07 . 2008-11-08 12:08 <DIR> d-------- c:\program files\Google
2008-11-08 12:07 . 2008-11-22 13:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-11-06 18:28 . 2008-11-06 18:28 <DIR> d-------- c:\windows\Sun
2008-11-06 17:20 . 2008-11-08 14:33 <DIR> d-------- c:\program files\StuffPlug3
2008-11-06 17:20 . 2008-11-06 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-06 17:14 . 2008-11-06 19:11 <DIR> d-------- c:\program files\Messenger Plus! Live
2008-11-01 13:02 . 2008-11-17 19:09 <DIR> d-------- C:\BRIDGET_JONES_DIARY
2008-10-30 12:39 . 2008-10-30 12:39 <DIR> d-------- c:\windows\system32\QI02
2008-10-30 12:39 . 2008-10-30 12:39 <DIR> d-------- c:\temp\NT32
2008-10-24 19:20 . 2008-10-25 15:20 68 --a------ c:\documents and settings\Massimo\z.bat

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 17:16 --------- d-----w c:\program files\DNA
2008-11-22 17:16 --------- d-----w c:\documents and settings\Massimo\Application Data\DNA
2008-11-19 23:30 --------- d-----w c:\documents and settings\Massimo\Application Data\BitTorrent
2008-11-17 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-17 09:57 --------- d-----w c:\program files\SlySoft
2008-10-06 12:24 --------- d-----w c:\documents and settings\Massimo\Application Data\Thinstall
2008-10-04 13:13 --------- d-----w c:\program files\VirtualDJ
2008-09-29 18:38 71 ----a-w c:\documents and settings\Massimo\2521.bat
2008-09-29 17:38 --------- d-----w c:\program files\MSECache
2008-09-27 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-09-24 17:54 --------- d-----w c:\program files\BearShare
2008-09-22 14:46 71 ----a-w c:\documents and settings\Massimo\7197.bat
2008-08-18 12:42 71 ----a-w c:\documents and settings\Massimo\6360.bat
2008-08-18 12:22 71 ----a-w c:\documents and settings\Massimo\6044.bat
2008-08-14 12:44 71 ----a-w c:\documents and settings\Massimo\5946.bat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-04-10 15360]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"SetIcon"="\Windows\SMSC\SetIcon.exe" [2005-07-08 42496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"LanguageShortcut"="c:\program files\Home Cinema\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BCD3000"="c:\windows\system32\bcd3kcpan.exe" [2008-08-13 552960]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-09 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-10-09 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-10-06 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-10 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-08-08 716800]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Gaming Zone\\Windows\\bckgzm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\iPhone Tunnel Suite\\iTunnel\\iTunnel.exe"=

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-08-08 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-08-08 11264]
R3 BCD3000;Behringer BCD3000 V1.1.2.0;c:\windows\system32\Drivers\BCD3000.SYS [2008-08-13 42496]
R3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;c:\windows\system32\Drivers\BCD3000WDM.SYS [2008-08-13 21600]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2008-08-08 7040]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-08-19 38472]
.
Inhoud van de 'Gedeelde Taken' map

2008-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-10-19 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1218717880.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 19:38]
.
- - - - ORPHANS VERWIJDERD - - - -

BHO-{10F48902-FD22-4DE8-B149-ED0157E29148} - c:\windows\system32\yayXQIaX.dll
BHO-{c6a55583-f64b-4609-bbe5-743a7af24353} - c:\windows\system32\quyxhx.dll
BHO-{C81B3B86-175D-4659-AB67-1C59DC63AFE3} - c:\windows\system32\rqRJYOeE.dll
BHO-{FBC71D5A-0451-401A-A3D9-DDF4F104E995} - c:\windows\system32\byXQKcba.dll
HKLM-Run-NWEReboot - (no file)
ShellExecuteHooks-{C81B3B86-175D-4659-AB67-1C59DC63AFE3} - c:\windows\system32\rqRJYOeE.dll


.
------- Bijkomende Scan -------
.
FireFox -: Profile - c:\documents and settings\Massimo\Application Data\Mozilla\Firefox\Profiles\0fsfm80n.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - Google
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 18:16:33
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\SMSC\SetIcon.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Voltooingstijd: 2008-11-22 18:18:07 - machine werd herstart
ComboFix-quarantined-files.txt 2008-11-22 17:18:04

Pre-Run: 235.833.548.800 bytes beschikbaar
Post-Run: 245,488,193,536 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

330 --- E O F --- 2008-09-18 23:46:49




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:12, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\SMSC\SetIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\bcd3kcpan.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SetIcon] \Windows\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7240 bytes
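
A way to do by script what a helper does by eye with the O4 and O23 lines of the log above. This is an added example, not HijackThis code and not something posted in the thread; SAMPLE_LOG is copied from the log above, and the checks it applies (bare filename, path without a drive letter, shortcut with no target shown, service without a company name) are this example's own choice of what to look at first.

```python
"""Triage of HijackThis O4 (autostart) and O23 (service) lines.

Added example for this thread; it is not HijackThis code and not something
posted by the forum members. It parses the two line types of a v2.0.2 log and
flags the entries a reviewer looks at first. SAMPLE_LOG is copied from the
log posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

O4_RUN = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK = re.compile(r"^O4 - (?:Global |)Startup: (?P<lnk>.+?) = (?P<target>.*)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<short>[^)]*)\) - (?P<owner>.+?) - (?P<path>.*)$")
# Only a drive letter or an environment variable makes a path unambiguous.
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|%[A-Za-z0-9_]+%\\)")
# First program-file token of an unquoted command line (copes with unquoted paths containing spaces).
EXT_BOUNDARY = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SetIcon] \Windows\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
""".strip().splitlines()


@dataclass(frozen=True)
class Finding:
    name: str    # Run value name, shortcut file name or service short name
    reason: str
    entry: str   # the log line as posted


def executable_of(cmd: str) -> str:
    """The program a Run command line starts: the quoted part, or the first program-file token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_BOUNDARY.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def payload_of(cmd: str) -> str:
    """For rundll32 the file worth checking is the DLL it loads, not rundll32 itself."""
    exe = executable_of(cmd)
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        rest = cmd.strip().split(exe, 1)[1].lstrip(' "')
        return rest.split(",", 1)[0].rstrip('" ') or exe
    return exe


def classify_path(path: str) -> Optional[str]:
    """None when the path is unambiguous, otherwise why it needs a closer look."""
    if ABSOLUTE.match(path):
        return None
    if path.startswith("\\"):
        return "root-relative path without a drive letter"
    if "\\" not in path and "/" not in path:
        return "bare filename, resolved through the search path at logon"
    return "relative path"


def triage(lines) -> List[Finding]:
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            reason = classify_path(payload_of(m.group("cmd")))
            if reason:
                findings.append(Finding(m.group("name"), reason, line))
            continue
        m = O4_LNK.match(line)
        if m:
            if m.group("target").strip() == "?":
                findings.append(Finding(m.group("lnk"), "no target shown for the shortcut; resolve the .lnk by hand", line))
            continue
        m = O23_SVC.match(line)
        if m:
            if m.group("owner") == "Unknown owner":
                findings.append(Finding(m.group("short"), "service binary carries no company name", line))
            else:
                reason = classify_path(m.group("path"))
                if reason:
                    findings.append(Finding(m.group("short"), reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.reason}")
```

A bare name such as RTHDCPL.EXE is not wrong in itself (several vendors register their tray programs this way), but it means the logon sequence starts whichever file of that name the loader finds first along its search order, so the reviewer should confirm which file that actually is. The rundll32 case is handled separately because the host process is always the same system binary; what matters is the DLL named after it.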

Jurgenv1

Legacy Member
* Download OTMoveIt.exe and save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

* Open OTMoveIt.exe.
In the left pane, where it says "Paste List of Files/Folders to be Moved", copy and paste the section below:

c:\documents and settings\Massimo\z.bat
c:\documents and settings\Massimo\7197.bat
c:\documents and settings\Massimo\6360.bat
c:\documents and settings\Massimo\6044.bat
c:\documents and settings\Massimo\5946.bat


Then click the MoveIt button at the bottom.
When it is finished it will create a log (********_******.log -- the * stand for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Copy and paste the contents of that log in your next post.
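
The same step as a script, for anyone who wants to see what the tool does or repeat it where OTMoveIt is not at hand. This is an added example, not the OTMoveIt program and not code by its author. It reproduces the behaviour described above (move each listed file into a quarantine folder, write a log of what happened) and records size, modification time and SHA-256 of every file before it is moved, because once a file sits in quarantine that record is all that is left of where it came from and what it was. The file list is the one from the post; the files themselves are created in a temporary directory as constructed placeholders so the example runs anywhere. The "moved successfully." wording follows the log lines in this thread; the "not found" line and the hash lines are this example's own.

```python
"""Move listed files into a quarantine folder and log what was moved.

Added example for this thread: not the OTMoveIt tool and not code by its
author. The file list is the one pasted in the post; the files themselves are
constructed placeholders written to a temporary directory.
"""
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

FILE_LIST = r"""
c:\documents and settings\Massimo\z.bat
c:\documents and settings\Massimo\7197.bat
c:\documents and settings\Massimo\6360.bat
c:\documents and settings\Massimo\6044.bat
c:\documents and settings\Massimo\5946.bat
""".strip().splitlines()


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(paths, root: Path):
    """Move every existing file in `paths` under root/MovedFiles and write a log there.
    Returns (records, log_path). A missing file is logged, not treated as an error."""
    moved_dir = root / "MovedFiles"
    moved_dir.mkdir(parents=True, exist_ok=True)
    records, log_lines = [], []
    for p in (Path(x) for x in paths):
        if not p.is_file():
            records.append({"path": str(p), "status": "not found"})
            log_lines.append(f"File/Folder {p} not found.")
            continue
        st = p.stat()
        rec = {"path": str(p), "status": "moved", "size": st.st_size,
               "mtime": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime)),
               "sha256": sha256_of(p)}          # hash taken before the move, never after
        dest, n = moved_dir / p.name, 1
        while dest.exists():                    # two sources with the same base name
            dest, n = moved_dir / f"{p.stem}.{n}{p.suffix}", n + 1
        shutil.move(str(p), str(dest))
        rec["quarantined_as"] = str(dest)
        records.append(rec)
        log_lines.append(f"{p} moved successfully.")
    # Keep the metadata in the log itself so it survives even if the quarantine is purged.
    log_lines += [f"  sha256={r['sha256']} size={r['size']} mtime={r['mtime']} {r['path']}"
                  for r in records if r["status"] == "moved"]
    log_path = moved_dir / (time.strftime("%m%d%Y_%H%M%S") + ".log")
    log_path.write_text("\n".join(log_lines) + "\n")
    return records, log_path


def run_demo():
    """Create the five listed .bat files as placeholders plus one path that does not
    exist, quarantine them, and return a summary of what happened."""
    work = Path(tempfile.mkdtemp(prefix="quarantine-demo-"))
    home = work / "Massimo"
    home.mkdir()
    targets = []
    for entry in FILE_LIST:
        f = home / entry.rsplit("\\", 1)[-1]
        f.write_text(f"@echo off\nrem constructed placeholder for {f.name}\n")
        targets.append(str(f))
    targets.append(str(home / "missing.bat"))
    records, log_path = quarantine(targets, work / "_OTMoveIt")
    moved = [r for r in records if r["status"] == "moved"]
    summary = {
        "moved": len(moved),
        "not_found": sum(r["status"] == "not found" for r in records),
        "sources_remaining": sum(Path(r["path"]).exists() for r in records),
        "hashes_intact": all(sha256_of(Path(r["quarantined_as"])) == r["sha256"] for r in moved),
        "log_text": log_path.read_text(),
    }
    shutil.rmtree(work)
    return summary


if __name__ == "__main__":
    print(run_demo()["log_text"])
```

The hash is computed before shutil.move on purpose: if the move fails half way, or the quarantine is later cleaned out, the log still ties the original path to a fixed identity that can be looked up or compared with a later sample.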

D--Amo

Legacy Member
c:\documents and settings\Massimo\z.bat moved successfully.
c:\documents and settings\Massimo\7197.bat moved successfully.
c:\documents and settings\Massimo\6360.bat moved successfully.
c:\documents and settings\Massimo\6044.bat moved successfully.
c:\documents and settings\Massimo\5946.bat moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 11252008_155022

Jurgenv1

Legacy Member
OK, now post a new HijackThis log here along with a new ComboFix log.
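
Before the ComboFix log that follows, an added example (not ComboFix code and not from the forum) of turning the reading a helper does on the "Files Created" and "Find3M Report" sections into a script. SAMPLE is copied from the listing D--Amo posts in reply; the three heuristics are this example's own and are described in the docstring.

```python
"""Triage of ComboFix file listings ("Files Created" and "Find3M Report" sections).

Added example for this thread; not ComboFix code and not posted by the forum
members. It applies three heuristics a reviewer otherwise applies by eye:
  1. two or more files of identical size with the same minute timestamp in the
     same directory (a dropper leaving fresh copies of itself under new names);
  2. a program file (.exe/.bat/.cmd/.com/.scr/.dll/.pif) sitting directly in a
     user profile root rather than under a program or application-data folder;
  3. short alphanumeric directories sharing one timestamp in different places,
     one of them directly under system32.
None of these proves infection by itself; they order the listing for review.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

FIND3M = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>[\d,]+|-+)\s+(?P<attr>\S+)\s+(?P<path>.+)$")
CREATED = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(?P<size><DIR>|[\d,]+)\s+(?P<attr>\S+)\s+(?P<path>.+)$")
PROGRAM_EXT = {"exe", "bat", "cmd", "com", "scr", "dll", "pif"}
PROFILE_ROOT = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$", re.I)
SYSTEM32_CHILD = re.compile(r"^c:\\windows\\system32\\[^\\]+$", re.I)

Entry = Tuple[str, int, bool, str]   # (timestamp, size or -1 for a directory, is_dir, path)

# Lines copied from the ComboFix log posted next in this thread.
SAMPLE = r"""
2008-11-18 18:25 . 2008-11-18 23:35 <DIR> d-------- c:\program files\DVD Profiler
2008-11-17 14:56 . 2008-11-17 14:56 <DIR> d-------- c:\windows\system32\dPI02
2008-11-17 14:56 . 2008-11-17 14:56 <DIR> d-------- c:\temp\FT62
2008-11-14 17:26 . 2008-11-15 00:52 128 --a------ c:\documents and settings\Massimo\index.exe
2008-11-12 17:40 . 2008-11-12 17:40 <DIR> d-------- c:\windows\system32\sX3i02
2008-11-12 17:40 . 2008-11-12 17:40 <DIR> d-------- c:\temp\PRE45
2008-11-08 12:07 . 2008-11-08 12:08 <DIR> d-------- c:\program files\Google
2008-11-08 12:07 . 2008-11-25 17:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-11-25 14:37 --------- d-----w c:\program files\DNA
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 10:40 115,200 ----a-w c:\windows\system32\juoepkta.dll
2008-10-12 10:40 115,200 ----a-w c:\windows\system32\itddox.dll
2008-10-10 15:57 114,688 ----a-w c:\windows\system32\ngicyp.dll
2008-10-10 15:57 114,688 ----a-w c:\windows\system32\gdvphyfe.dll
2008-09-30 15:27 34,304 ----a-w c:\windows\system32\yayxwVLD.dll
2008-09-30 15:27 34,304 ----a-w c:\windows\system32\vtUomjIX.dll
2008-09-29 18:38 71 ----a-w c:\documents and settings\Massimo\2521.bat
2008-09-15 15:42 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
""".strip().splitlines()


def parse(lines) -> List[Entry]:
    """Accept both listing formats; the creation time is used where ComboFix gives two."""
    entries = []
    for raw in lines:
        m = CREATED.match(raw.strip()) or FIND3M.match(raw.strip())
        if not m:
            continue
        size_txt, attr = m.group("size"), m.group("attr")
        is_dir = size_txt == "<DIR>" or size_txt.startswith("-") or attr.startswith("d")
        size = -1 if is_dir else int(size_txt.replace(",", ""))
        entries.append((m.group("ts"), size, is_dir, m.group("path").strip().lower()))
    return entries


def triage(lines) -> Dict[str, List[str]]:
    entries = parse(lines)
    findings = defaultdict(list)
    # 1. identical size, same minute, same directory
    twins = defaultdict(list)
    for ts, size, is_dir, path in entries:
        if not is_dir:
            twins[(ts, size, path.rsplit("\\", 1)[0])].append(path)
    for (ts, size, _), paths in twins.items():
        if len(paths) >= 2:
            for p in paths:
                findings[p].append(f"{len(paths)} files of {size:,} bytes written at {ts}")
    # 2. program file directly in a profile root
    for ts, size, is_dir, path in entries:
        if not is_dir and PROFILE_ROOT.match(path) and path.rsplit(".", 1)[-1] in PROGRAM_EXT:
            findings[path].append("program file directly in a user profile root")
    # 3. short alphanumeric directories with one timestamp, one of them under system32
    dirs_by_time = defaultdict(list)
    for ts, size, is_dir, path in entries:
        if is_dir:
            dirs_by_time[ts].append(path)
    for ts, paths in dirs_by_time.items():
        names = [p.rsplit("\\", 1)[-1] for p in paths]
        if (len(paths) >= 2 and any(SYSTEM32_CHILD.match(p) for p in paths)
                and all(n.isalnum() and len(n) <= 6 for n in names)):
            for p in paths:
                findings[p].append(f"short-named directories sharing the timestamp {ts}")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE).items()):
        print(path, "|", "; ".join(reasons))
```

The first heuristic is the useful one here: a legitimate update writes many files in one minute, but they differ in size, whereas the pairs flagged above share size to the byte and carry names that mean nothing. Random-looking names on their own are a weak signal (the vowel count of juoepkta is unremarkable), so the script deliberately groups on timestamp and size rather than trying to judge the names.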

D--Amo

Legacy Member
ComboFix 08-11-26.01 - Massimo 2008-11-25 23:57:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.664 [GMT 1:00]
Running from: c:\documents and settings\Massimo\Bureaublad\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((( Files Created From 2008-10-26 to 2008-11-26 ))))))))))))))))))))))))))))))
.

2008-11-25 15:50 . 2008-11-25 15:50 <DIR> d-------- C:\_OTMoveIt
2008-11-18 18:26 . 2008-11-18 23:37 <DIR> d-------- c:\documents and settings\Massimo\Application Data\DVD Profiler
2008-11-18 18:25 . 2008-11-18 23:35 <DIR> d-------- c:\program files\DVD Profiler
2008-11-18 17:17 . 2008-11-18 17:17 <DIR> d-------- c:\program files\Trend Micro
2008-11-17 14:56 . 2008-11-17 14:56 <DIR> d-------- c:\windows\system32\dPI02
2008-11-17 14:56 . 2008-11-17 14:56 <DIR> d-------- c:\temp\FT62
2008-11-14 17:26 . 2008-11-15 00:52 128 --a------ c:\documents and settings\Massimo\index.exe
2008-11-12 17:40 . 2008-11-12 17:40 <DIR> d-------- c:\windows\system32\sX3i02
2008-11-12 17:40 . 2008-11-12 17:40 <DIR> d-------- c:\temp\PRE45
2008-11-08 12:07 . 2008-11-08 12:08 <DIR> d-------- c:\program files\Google
2008-11-08 12:07 . 2008-11-25 17:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-11-06 18:28 . 2008-11-06 18:28 <DIR> d-------- c:\windows\Sun
2008-11-06 17:20 . 2008-11-08 14:33 <DIR> d-------- c:\program files\StuffPlug3
2008-11-06 17:20 . 2008-11-06 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-06 17:14 . 2008-11-06 19:11 <DIR> d-------- c:\program files\Messenger Plus! Live
2008-11-01 13:02 . 2008-11-17 19:09 <DIR> d-------- C:\BRIDGET_JONES_DIARY
2008-10-30 12:39 . 2008-10-30 12:39 <DIR> d-------- c:\windows\system32\QI02
2008-10-30 12:39 . 2008-10-30 12:39 <DIR> d-------- c:\temp\NT32

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 22:58 --------- d-----w c:\documents and settings\Massimo\Application Data\DNA
2008-11-25 14:37 --------- d-----w c:\program files\DNA
2008-11-24 18:51 --------- d-----w c:\documents and settings\Massimo\Application Data\BitTorrent
2008-11-23 18:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-17 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 09:57 --------- d-----w c:\program files\SlySoft
2008-10-12 10:40 115,200 ----a-w c:\windows\system32\juoepkta.dll
2008-10-12 10:40 115,200 ----a-w c:\windows\system32\itddox.dll
2008-10-11 16:03 115,200 ----a-w c:\windows\system32\wrpnjt.dll
2008-10-11 16:03 115,200 ----a-w c:\windows\system32\rafjumsv.dll
2008-10-10 15:57 114,688 ----a-w c:\windows\system32\ngicyp.dll
2008-10-10 15:57 114,688 ----a-w c:\windows\system32\gdvphyfe.dll
2008-10-09 14:59 115,200 ----a-w c:\windows\system32\urxnvlwc.dll
2008-10-09 14:59 115,200 ----a-w c:\windows\system32\ljvspm.dll
2008-10-08 08:33 115,200 ----a-w c:\windows\system32\yfbswjie.dll
2008-10-08 08:33 115,200 ----a-w c:\windows\system32\fbifkj.dll
2008-10-06 12:24 --------- d-----w c:\documents and settings\Massimo\Application Data\Thinstall
2008-10-04 13:13 --------- d-----w c:\program files\VirtualDJ
2008-09-30 15:27 34,304 ----a-w c:\windows\system32\yayxwVLD.dll
2008-09-30 15:27 34,304 ----a-w c:\windows\system32\vtUomjIX.dll
2008-09-29 18:38 71 ----a-w c:\documents and settings\Massimo\2521.bat
2008-09-29 17:38 --------- d-----w c:\program files\MSECache
2008-09-27 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-09-15 15:42 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-22_18.17.49.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 16:05:05 2,140,672 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:47:57 2,140,672 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 16:05:16 2,061,952 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:48:03 2,062,080 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 16:05:04 2,020,352 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:47:56 2,020,352 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 16:05:16 2,184,704 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 13:48:00 2,184,704 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:43:12 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:43:12 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:43:13 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:43:13 133,120 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:43:13 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:22:59 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:43:13 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:43:13 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:43:13 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:43:13 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:43:15 6,066,176 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:43:15 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:43:15 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:23:16 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:43:16 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:43:16 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:43:16 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 08:43:20 3,592,192 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:43:18 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:43:18 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:43:19 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:43:19 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:43:19 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:58:28 216,800 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:59:37 389,856 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:43:19 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:43:19 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:43:20 233,472 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:43:20 826,368 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2006-10-26 18:12:56 396,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE
+ 2007-05-08 09:10:18 16,874,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL
+ 2007-03-21 16:56:50 8,425,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2006-10-27 13:18:34 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-05-10 07:04:28 846,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE
+ 2007-05-10 08:11:42 1,767,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-21 17:00:06 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2007-03-21 16:58:40 4,145,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 16:58:46 24,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-05-10 08:25:40 14,677,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2007-09-14 20:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 23:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-24 04:00:34 1,767,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PPCNV.DLL
+ 2007-08-24 04:00:48 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PXBCOM.EXE
+ 2007-10-02 19:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\XL12CNV.EXE
- 2008-09-10 21:07:44 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-23 17:53:03 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-09-10 21:07:44 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-23 17:53:03 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-10 21:07:44 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-23 17:53:03 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-09-10 21:07:44 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-23 17:53:03 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-10 21:07:44 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-23 17:53:03 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-09-10 21:07:44 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-23 17:53:03 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-09-10 21:07:44 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-23 17:53:03 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-10 21:07:44 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-23 17:53:03 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-09-10 21:07:44 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-23 17:53:03 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-09-10 21:07:44 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-23 17:53:03 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-09-10 21:07:44 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-23 17:53:03 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-09-10 21:07:44 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-23 17:53:03 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-09-10 21:07:43 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-23 17:53:03 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-09-29 17:38:24 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-11-23 17:52:39 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-06-23 16:43:12 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-26 08:27:10 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-06-23 16:43:12 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 08:27:10 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
- 2008-06-23 16:43:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 08:27:10 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:43:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 08:27:10 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-06-23 16:43:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 08:27:10 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-06-23 16:43:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 08:27:10 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-06-23 09:22:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:40:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:43:13 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 08:27:10 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-06-23 16:43:13 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 08:27:10 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-06-23 16:43:13 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 08:27:10 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:43:13 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 08:27:10 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:43:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-03 17:38:28 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-06-23 16:43:15 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 08:27:11 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-06-23 16:43:15 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 08:27:11 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-06-23 09:23:16 625,664 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-06-23 16:43:16 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 08:27:11 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-06-23 16:43:16 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 08:27:11 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-23 16:43:16 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 08:27:11 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-06-24 08:43:20 3,592,192 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-27 09:27:14 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-06-23 16:43:18 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 08:27:12 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-23 16:43:18 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 08:27:12 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-06-23 16:43:19 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 08:27:12 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:10:37 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:46:31 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:30:16 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 17:01:37 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 16:05:05 2,140,672 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 13:47:57 2,140,672 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 16:05:16 2,061,952 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 13:48:03 2,062,080 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 16:05:04 2,020,352 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 13:47:56 2,020,352 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 16:05:16 2,184,704 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 13:48:00 2,184,704 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:43:19 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 08:27:12 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-06-23 16:43:19 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 08:27:12 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2008-06-23 16:43:19 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 08:27:12 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-06-23 16:43:19 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 08:27:13 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-06-23 16:43:20 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 08:27:13 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-03-20 08:10:47 1,845,376 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 15:42:10 1,846,144 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2008-06-23 16:43:20 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 08:27:13 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-06-23 16:43:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 08:27:10 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-06-23 16:43:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-26 08:27:10 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-06-23 16:43:13 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-26 08:27:10 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-10-05 10:23:29 136,464 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-23 18:21:48 136,464 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-06-23 16:43:13 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-08-26 08:27:10 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-06-23 09:22:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:40:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-06-23 16:43:13 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-08-26 08:27:10 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-06-23 16:43:13 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-08-26 08:27:10 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-06-23 16:43:13 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 08:27:10 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-06-23 16:43:13 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 08:27:10 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-06-23 16:43:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 17:38:28 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-06-23 16:43:15 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-08-26 08:27:11 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-06-23 16:43:15 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 08:27:11 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-06-23 16:43:16 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-26 08:27:11 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-03 15:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-06-23 16:43:16 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 08:27:11 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-06-23 16:43:16 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 08:27:11 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-06-24 08:43:20 3,592,192 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 09:27:14 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-06-23 16:43:18 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 08:27:12 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-06-23 16:43:18 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-26 08:27:12 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-06-23 16:43:19 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-26 08:27:12 671,232 ----a-w c:\windows\system32\mstime.dll
- 2006-08-17 12:30:16 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 17:01:37 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 16:05:04 2,020,352 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:47:56 2,020,352 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 16:05:05 2,140,672 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:47:57 2,140,672 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-06-23 16:43:19 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-08-26 08:27:12 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-06-23 16:43:19 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 08:27:12 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:46 18,808 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:43 18,808 ------w c:\windows\system32\spmsg.dll
- 2008-06-23 16:43:19 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 08:27:12 105,984 ----a-w c:\windows\system32\url.dll
- 2008-06-23 16:43:19 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 08:27:13 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2008-06-23 16:43:20 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 08:27:13 233,472 ----a-w c:\windows\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-04-10 15360]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"SetIcon"="\Windows\SMSC\SetIcon.exe" [2005-07-08 42496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"LanguageShortcut"="c:\program files\Home Cinema\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BCD3000"="c:\windows\system32\bcd3kcpan.exe" [2008-08-13 552960]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-09 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-10-09 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-10-06 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-10 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-08-08 716800]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Gaming Zone\\Windows\\bckgzm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\iPhone Tunnel Suite\\iTunnel\\iTunnel.exe"=

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-08-08 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-08-08 11264]
R3 BCD3000;Behringer BCD3000 V1.1.2.0;c:\windows\system32\Drivers\BCD3000.SYS [2008-08-13 42496]
R3 BCD3000WDM;Behringer BCD3000WDM V1.1.2.0;c:\windows\system32\Drivers\BCD3000WDM.SYS [2008-08-13 21600]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2008-08-08 7040]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-08-19 38472]
.
Inhoud van de 'Gedeelde Taken' map

2008-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-23 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1218717880.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 19:38]
.
.
------- Bijkomende Scan -------
.
FireFox -: Profile - c:\documents and settings\Massimo\Application Data\Mozilla\Firefox\Profiles\0fsfm80n.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - Google
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 23:59:16
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-11-26 23:59:56
ComboFix-quarantined-files.txt 2008-11-26 22:59:43
ComboFix2.txt 2008-11-22 17:18:08

Pre-Run: 244.171.993.088 bytes beschikbaar
Post-Run: 244,165,165,056 bytes beschikbaar

384 --- E O F --- 2008-11-23 17:53:44

D--Amo

Legacy Member
The text was too long, so here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:11:01, on 27/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\SMSC\SetIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\bcd3kcpan.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SetIcon] \Windows\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7102 bytes

Jurgenv1

Legacy Member
* Download Malwarebytes' Anti-Malware from here or here.

Double-click mbam-setup.exe to install the program.
  • Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
  • If an update is found, it will download and install the latest version.
  • When the program is fully up to date, select "Perform Quick Scan", then click Scan.
  • The scan may take a while, so be patient.
  • When the scan is finished, click OK, then "Show Results" to view the results.
  • Make sure everything there is checked, then click: Remove Selected.
  • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
  • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
  • Copy and paste the results of the log in your next reply, together with a new HijackThis log.
Extra note:
If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. Afterwards it will ask to restart the computer... so allow MBAM to restart the computer.

D--Amo

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:17:10, on 30/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\SMSC\SetIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\bcd3kcpan.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SetIcon] \Windows\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BCD3000] %SystemRoot%\system32\bcd3kcpan.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7253 bytes
Malwarebytes' Anti-Malware 1.30
Database versie: 1433
Windows 5.1.2600 Service Pack 2

29/11/2008 18:55:24
mbam-log-2008-11-29 (18-55-24).txt

Scan type: Snelle Scan
Objecten gescand: 53036
Verstreken tijd: 4 minute(s), 8 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 4

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\radbanner (Adware.Agent) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\juoepkta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrpnjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itddox.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rafjumsv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.