Dr_pimpie
Legacy Member
hello everyone,
through a stupid and thoughtless mistake I got an MSN virus that sent this to all my online contacts:
Hi, I recently managed to take some super hot holiday photos of myself. The girls there were simply awesome! If you want to have a look, you can download them at the following link: [EXAMPLE LINK]http://rs232.rapidshare.com/files/...[/EXAMPLE LINK] It really was the best holiday of my life
so some MSN virus/worm or other. I tried to follow the sticky as well as I could, but since it is 2 years old it was not so easy to carry out the procedure completely correctly.
Can someone check my HijackThis log? A ComboFix log follows further down:
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:22, on 26/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Orion\Bluetooth Remote Control\BTRemoteServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [OrionBluetoothRemoteControl] "C:\Program Files\Orion\Bluetooth Remote Control\BTRemoteServer.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8041 bytes
ComboFix gave the following log file:
ComboFix 08-10-25.01 - Wim 2008-10-26 18:49:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1506 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Wim\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\INSTALL.LOG
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-26 to 2008-10-26 ))))))))))))))))))))))))))))))
.
2008-10-26 18:17 . 2008-10-26 18:17 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-26 17:44 . 2008-10-26 17:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-26 17:44 . 2008-10-26 17:44 <DIR> d-------- C:\Program Files\AVG
2008-10-26 17:44 . 2008-10-26 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-26 17:44 . 2008-10-26 17:44 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-26 17:44 . 2008-10-26 17:44 90,632 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-26 17:44 . 2008-10-26 17:44 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-10-26 17:44 . 2008-10-26 17:44 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- C:\Program Files\CA
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-10-26 17:32 . 2008-08-27 18:44 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-10-26 16:09 . 2008-10-26 16:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-26 16:09 . 2008-10-26 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 15:37 . 2008-10-26 15:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-26 15:37 . 2008-10-26 15:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 15:37 . 2008-10-26 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-26 15:34 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-26 15:33 . 2008-10-26 15:33 <DIR> d-------- C:\Program Files\Panda Security
2008-10-26 15:21 . 2008-10-26 15:20 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-26 15:21 . 2008-10-26 15:20 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-26 15:20 . 2008-10-26 15:20 <DIR> d-------- C:\Program Files\Java
2008-10-26 14:06 . 2008-10-26 14:06 <DIR> d-------- C:\Program Files\DivX
2008-10-21 16:15 . 2008-10-21 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-21 15:44 . 2006-10-26 18:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-10-21 15:43 . 2008-10-21 15:43 <DIR> d-------- C:\Program Files\Microsoft Works
2008-10-21 15:42 . 2008-10-21 15:42 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-21 15:40 . 2008-10-21 15:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-21 15:40 . 2008-10-21 15:40 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-10-21 15:40 . 2008-10-21 15:40 <DIR> d-------- C:\IDE
2008-10-21 15:39 . 2008-10-21 15:39 <DIR> dr-h----- C:\MSOCache
2008-10-21 15:39 . 2008-10-23 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-21 15:37 . 2008-10-21 15:37 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-10-21 15:34 . 2008-10-21 15:34 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\DAEMON Tools
2008-10-21 15:34 . 2008-10-21 15:34 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-17 19:37 . 2008-10-17 19:37 <DIR> d-------- C:\Program Files\CDisplay
2008-10-17 19:35 . 2008-10-26 15:16 <DIR> d-------- C:\Alt.Binz
2008-10-17 19:27 . 2008-10-17 19:28 <DIR> d-------- C:\Program Files\FTDv3.8
2008-10-17 19:13 . 2008-10-17 19:14 <DIR> d-------- C:\Program Files\AltBinz
2008-10-16 09:05 . 2008-10-16 09:06 <DIR> d-------- C:\Program Files\Winamp
2008-10-16 09:05 . 2008-10-16 09:07 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Winamp
2008-10-16 08:59 . 2008-04-13 21:16 37,888 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-10-16 08:59 . 2008-04-13 21:16 37,888 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-10-15 13:21 . 2008-10-15 13:21 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Rockwell Software
2008-10-15 13:20 . 2008-10-15 13:20 <DIR> d-------- C:\Program Files\Rockwell Software
2008-10-15 13:20 . 2008-10-15 13:20 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-10-15 13:20 . 2008-10-15 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rockwell Software
2008-10-15 13:20 . 2008-10-15 13:20 51 --a------ C:\WINDOWS\rocksoft.ini
2008-10-15 13:14 . 2008-10-16 08:54 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Sony Corporation
2008-10-15 13:13 . 2008-10-16 08:54 <DIR> d-------- C:\Program Files\Sony
2008-10-15 13:13 . 2007-03-26 15:17 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-10-15 13:13 . 2005-09-07 17:00 86,016 --a------ C:\WINDOWS\system32\VCCenter.cpl
2008-10-14 23:46 . 2008-10-26 17:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-14 23:46 . 2008-10-14 23:46 <DIR> d-------- C:\LINDO61
2008-10-14 23:23 . 2008-10-14 23:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-14 23:20 . 2008-10-15 13:16 <DIR> d-------- C:\Program Files\NOS
2008-10-14 23:20 . 2008-10-15 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-14 16:14 . 2008-10-14 16:14 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-10-14 16:14 . 2008-10-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-10-14 16:14 . 2008-10-14 16:14 356,352 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-10-14 16:14 . 2008-10-14 16:14 21,393 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-14 16:14 . 2008-10-14 16:14 21,393 --a------ C:\WINDOWS\AegisP.sys
2008-10-14 16:14 . 2008-10-14 16:14 13,864 --a------ C:\WINDOWS\AegisP.inf
2008-10-14 16:14 . 2008-10-14 16:14 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-10-14 16:13 . 2008-10-14 16:13 <DIR> d-------- C:\WINDOWS\system32\Touchpad Registry Patch
2008-10-14 16:13 . 2007-06-01 09:33 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-10-14 16:13 . 2007-05-28 08:03 2,207,232 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-10-14 16:13 . 2007-06-01 09:33 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-10-14 16:12 . 2008-10-14 16:12 <DIR> d-------- C:\Program Files\SonyImgF
2008-10-14 16:12 . 2007-08-09 13:20 30,976 --a------ C:\WINDOWS\system32\drivers\SonyImgF.sys
2008-10-14 16:12 . 2007-08-09 13:20 7,958 --a------ C:\WINDOWS\system32\drivers\sonyimgf.cat
2008-10-14 16:12 . 2007-08-09 13:20 2,022 --a------ C:\WINDOWS\system32\drivers\SonyImgF.inf
2008-10-14 16:12 . 2007-08-09 13:20 611 --a------ C:\WINDOWS\system32\drivers\Install.bat
2008-10-14 16:09 . 2008-10-14 16:09 <DIR> d-------- C:\Program Files\Apoint
2008-10-14 16:09 . 2007-11-02 08:23 108,767 --a------ C:\WINDOWS\system32\drivers\Apfiltr.sys
2008-10-14 16:09 . 2007-11-02 08:23 94,235 --a------ C:\WINDOWS\system32\Vxdif.dll
2008-10-14 16:07 . 2008-10-14 16:07 <DIR> d-------- C:\WINDOWS\system32\Memory stick Icon
2008-10-14 16:07 . 2007-11-06 10:26 808,448 --a------ C:\WINDOWS\system32\drivers\ti21sony.sys
2008-10-14 16:07 . 2002-07-26 15:02 153,088 --a------ C:\Program Files\UNWISE.EXE
2008-10-14 14:57 . 2008-10-14 14:57 <DIR> d-------- C:\Orion
2008-10-14 14:57 . 2008-10-14 14:57 106,496 --a------ C:\WINDOWS\system32\WMPBTRemote.dll
2008-10-14 10:31 . 2008-10-14 10:31 <DIR> d-------- C:\Program Files\Orion
2008-10-14 10:30 . 2008-10-14 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-10-14 10:29 . 2008-10-14 10:29 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-10-14 10:04 . 2007-12-03 13:15 1,018,772 --a------ C:\WINDOWS\system32\nvucode.bin
2008-10-14 10:00 . 2008-10-14 10:00 <DIR> d-------- C:\Program Files\WIDCOMM
2008-10-14 10:00 . 2007-11-06 09:51 878,520 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2008-10-14 10:00 . 2007-11-06 09:51 539,160 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2008-10-14 10:00 . 2007-11-06 09:51 156,392 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2008-10-14 10:00 . 2007-11-06 09:51 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
2008-10-14 10:00 . 2007-11-06 09:51 55,352 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2008-10-14 10:00 . 2007-11-06 09:51 37,424 --a------ C:\WINDOWS\system32\drivers\btport.sys
2008-10-14 09:43 . 2008-10-14 09:43 <DIR> d-------- C:\Documents and Settings\Wim\Contacts
2008-10-14 09:43 . 2008-10-14 09:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-14 09:32 . 2008-10-14 09:34 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-14 09:32 . 2008-10-14 09:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-14 09:31 . 2008-10-14 09:43 <DIR> d-------- C:\Downloads
2008-10-14 09:23 . 2008-10-22 20:44 3,960 --a------ C:\WINDOWS\system32\NvApps.xml
2008-10-14 01:19 . 2008-10-14 10:05 <DIR> d-------- C:\WINDOWS\nview
2008-10-14 01:18 . 2008-10-14 01:18 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Media Player Classic
2008-10-14 01:17 . 2008-10-14 01:17 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-14 01:17 . 2008-10-14 16:13 <DIR> d-------- C:\Program Files\Intel
2008-10-14 01:16 . 2008-10-14 01:16 <DIR> d-------- C:\Program Files\SigmaTel
2008-10-14 01:16 . 2008-10-15 13:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-10-14 01:16 . 2008-10-15 13:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-10-14 01:16 . 2007-09-19 00:56 4,952,064 --a------ C:\WINDOWS\system32\stac97.cpl
2008-10-14 01:16 . 2007-09-19 00:56 2,187,264 --a------ C:\WINDOWS\system32\stlang.dll
2008-10-14 01:16 . 2007-09-19 00:56 1,222,840 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-10-14 01:16 . 2007-09-19 00:56 270,336 --a------ C:\WINDOWS\system32\stacapi.dll
2008-10-14 01:16 . 2008-03-21 10:35 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-10-14 01:16 . 2008-03-21 10:35 146,048 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-10-14 01:16 . 2007-09-19 00:56 144,896 --a------ C:\WINDOWS\system32\staco.dll
2008-10-14 01:16 . 2008-04-13 21:15 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-10-14 01:16 . 2008-04-13 21:15 60,160 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-10-14 01:14 . 2007-11-02 08:23 250,496 --a------ C:\WINDOWS\system32\drivers\yk51x86.sys
2008-10-14 01:13 . 2008-10-14 01:13 <DIR> d-------- C:\VGN-FZ2-Drivers
2008-10-14 01:12 . 2008-04-13 21:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-13 18:08 . 2008-10-13 17:56 <DIR> d--h----- C:\Documents and Settings\Wim\Sjablonen
2008-10-13 18:08 . 2008-10-26 16:08 <DIR> dr-h----- C:\Documents and Settings\Wim\Onlangs geopend
2008-10-13 18:08 . 2008-10-13 19:48 <DIR> d--h----- C:\Documents and Settings\Wim\Netwerkprinteromgeving
2008-10-13 18:08 . 2008-10-23 16:38 <DIR> dr------- C:\Documents and Settings\Wim\Mijn documenten
2008-10-13 18:08 . 2008-10-13 19:48 <DIR> dr------- C:\Documents and Settings\Wim\Menu Start
2008-10-13 18:08 . 2008-10-13 18:09 <DIR> dr------- C:\Documents and Settings\Wim\Favorieten
2008-10-13 18:08 . 2008-10-26 18:46 <DIR> d-------- C:\Documents and Settings\Wim\Bureaublad
2008-10-13 18:08 . 2008-10-13 18:03 86 --a------ C:\Documents and Settings\Wim\DelE6E.bat
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 17:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-13 17:03 86 ----a-w C:\Documents and Settings\Default User\DelE6E.bat
2008-10-13 17:03 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-13 17:01 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-13 17:01 --------- d-----w C:\Program Files\MSBuild
2008-10-13 16:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-19 21:55 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-20 09:38 55,296 ----a-w C:\WINDOWS\system32\dmutil.dll
2008-08-20 09:38 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2008-08-20 09:38 49,152 ----a-w C:\WINDOWS\system32\cnbjmon.dll
2008-08-20 09:38 483,328 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2008-08-20 09:38 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2008-08-20 09:38 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2008-08-20 09:38 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2008-08-20 09:38 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-20 09:38 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
2008-08-20 09:38 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll
2008-08-20 09:38 1,571,840 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-08-20 09:35 827,904 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-20 09:34 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
2008-08-20 09:33 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrionBluetoothRemoteControl"="C:\Program Files\Orion\Bluetooth Remote Control\BTRemoteServer.exe" [2008-04-01 278528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-03 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-03 81920]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-11-02 118784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-08-30 181488]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-26 1235736]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-12-03 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-10-26 12936]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-26 97928]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-26 90632]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-26 231704]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-08-27 185584]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2007-08-09 30976]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-11-06 808448]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
2008-10-26 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Wim at 17 33.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-08-27 18:44]
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Explorer_Run-Sidebar - C:\DOCUME~1\Wim\LOCALS~1\Temp\sidebar.exe
.
------- Bijkomende Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Wim\Application Data\Mozilla\Firefox\Profiles\d428wfqf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 18:54:00
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Sidebar = C:\DOCUME~1\Wim\LOCALS~1\Temp\sidebar.exe????????0???????B??????????j????????B??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????,?????@?????????????(????????H??????????????8??
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-10-26 18:54:32
ComboFix-quarantined-files.txt 2008-10-26 17:54:30
Pre-Run: 114.186.149.888 bytes beschikbaar
Post-Run: 114,173,239,296 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8041 bytes
ComboFix gave the following log file:
ComboFix 08-10-25.01 - Wim 2008-10-26 18:49:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1506 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Wim\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\INSTALL.LOG
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-26 to 2008-10-26 ))))))))))))))))))))))))))))))
.
2008-10-26 18:17 . 2008-10-26 18:17 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-26 17:44 . 2008-10-26 17:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-26 17:44 . 2008-10-26 17:44 <DIR> d-------- C:\Program Files\AVG
2008-10-26 17:44 . 2008-10-26 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-26 17:44 . 2008-10-26 17:44 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-26 17:44 . 2008-10-26 17:44 90,632 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-26 17:44 . 2008-10-26 17:44 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-10-26 17:44 . 2008-10-26 17:44 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- C:\Program Files\CA
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-10-26 17:32 . 2008-08-27 18:44 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-10-26 16:09 . 2008-10-26 16:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-26 16:09 . 2008-10-26 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 15:37 . 2008-10-26 15:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-26 15:37 . 2008-10-26 15:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 15:37 . 2008-10-26 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-26 15:34 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-26 15:33 . 2008-10-26 15:33 <DIR> d-------- C:\Program Files\Panda Security
2008-10-26 15:21 . 2008-10-26 15:20 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-26 15:21 . 2008-10-26 15:20 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-26 15:20 . 2008-10-26 15:20 <DIR> d-------- C:\Program Files\Java
2008-10-26 14:06 . 2008-10-26 14:06 <DIR> d-------- C:\Program Files\DivX
2008-10-21 16:15 . 2008-10-21 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-21 15:44 . 2006-10-26 18:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-10-21 15:43 . 2008-10-21 15:43 <DIR> d-------- C:\Program Files\Microsoft Works
2008-10-21 15:42 . 2008-10-21 15:42 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-21 15:40 . 2008-10-21 15:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-21 15:40 . 2008-10-21 15:40 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-10-21 15:40 . 2008-10-21 15:40 <DIR> d-------- C:\IDE
2008-10-21 15:39 . 2008-10-21 15:39 <DIR> dr-h----- C:\MSOCache
2008-10-21 15:39 . 2008-10-23 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-21 15:37 . 2008-10-21 15:37 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-10-21 15:34 . 2008-10-21 15:34 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\DAEMON Tools
2008-10-21 15:34 . 2008-10-21 15:34 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-17 19:37 . 2008-10-17 19:37 <DIR> d-------- C:\Program Files\CDisplay
2008-10-17 19:35 . 2008-10-26 15:16 <DIR> d-------- C:\Alt.Binz
2008-10-17 19:27 . 2008-10-17 19:28 <DIR> d-------- C:\Program Files\FTDv3.8
2008-10-17 19:13 . 2008-10-17 19:14 <DIR> d-------- C:\Program Files\AltBinz
2008-10-16 09:05 . 2008-10-16 09:06 <DIR> d-------- C:\Program Files\Winamp
2008-10-16 09:05 . 2008-10-16 09:07 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Winamp
2008-10-16 08:59 . 2008-04-13 21:16 37,888 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-10-16 08:59 . 2008-04-13 21:16 37,888 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-10-15 13:21 . 2008-10-15 13:21 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Rockwell Software
2008-10-15 13:20 . 2008-10-15 13:20 <DIR> d-------- C:\Program Files\Rockwell Software
2008-10-15 13:20 . 2008-10-15 13:20 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-10-15 13:20 . 2008-10-15 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rockwell Software
2008-10-15 13:20 . 2008-10-15 13:20 51 --a------ C:\WINDOWS\rocksoft.ini
2008-10-15 13:14 . 2008-10-16 08:54 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Sony Corporation
2008-10-15 13:13 . 2008-10-16 08:54 <DIR> d-------- C:\Program Files\Sony
2008-10-15 13:13 . 2007-03-26 15:17 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-10-15 13:13 . 2005-09-07 17:00 86,016 --a------ C:\WINDOWS\system32\VCCenter.cpl
2008-10-14 23:46 . 2008-10-26 17:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-14 23:46 . 2008-10-14 23:46 <DIR> d-------- C:\LINDO61
2008-10-14 23:23 . 2008-10-14 23:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-14 23:20 . 2008-10-15 13:16 <DIR> d-------- C:\Program Files\NOS
2008-10-14 23:20 . 2008-10-15 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-14 16:14 . 2008-10-14 16:14 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-10-14 16:14 . 2008-10-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-10-14 16:14 . 2008-10-14 16:14 356,352 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-10-14 16:14 . 2008-10-14 16:14 21,393 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-14 16:14 . 2008-10-14 16:14 21,393 --a------ C:\WINDOWS\AegisP.sys
2008-10-14 16:14 . 2008-10-14 16:14 13,864 --a------ C:\WINDOWS\AegisP.inf
2008-10-14 16:14 . 2008-10-14 16:14 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-10-14 16:13 . 2008-10-14 16:13 <DIR> d-------- C:\WINDOWS\system32\Touchpad Registry Patch
2008-10-14 16:13 . 2007-06-01 09:33 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-10-14 16:13 . 2007-05-28 08:03 2,207,232 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-10-14 16:13 . 2007-06-01 09:33 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-10-14 16:12 . 2008-10-14 16:12 <DIR> d-------- C:\Program Files\SonyImgF
2008-10-14 16:12 . 2007-08-09 13:20 30,976 --a------ C:\WINDOWS\system32\drivers\SonyImgF.sys
2008-10-14 16:12 . 2007-08-09 13:20 7,958 --a------ C:\WINDOWS\system32\drivers\sonyimgf.cat
2008-10-14 16:12 . 2007-08-09 13:20 2,022 --a------ C:\WINDOWS\system32\drivers\SonyImgF.inf
2008-10-14 16:12 . 2007-08-09 13:20 611 --a------ C:\WINDOWS\system32\drivers\Install.bat
2008-10-14 16:09 . 2008-10-14 16:09 <DIR> d-------- C:\Program Files\Apoint
2008-10-14 16:09 . 2007-11-02 08:23 108,767 --a------ C:\WINDOWS\system32\drivers\Apfiltr.sys
2008-10-14 16:09 . 2007-11-02 08:23 94,235 --a------ C:\WINDOWS\system32\Vxdif.dll
2008-10-14 16:07 . 2008-10-14 16:07 <DIR> d-------- C:\WINDOWS\system32\Memory stick Icon
2008-10-14 16:07 . 2007-11-06 10:26 808,448 --a------ C:\WINDOWS\system32\drivers\ti21sony.sys
2008-10-14 16:07 . 2002-07-26 15:02 153,088 --a------ C:\Program Files\UNWISE.EXE
2008-10-14 14:57 . 2008-10-14 14:57 <DIR> d-------- C:\Orion
2008-10-14 14:57 . 2008-10-14 14:57 106,496 --a------ C:\WINDOWS\system32\WMPBTRemote.dll
2008-10-14 10:31 . 2008-10-14 10:31 <DIR> d-------- C:\Program Files\Orion
2008-10-14 10:30 . 2008-10-14 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-10-14 10:29 . 2008-10-14 10:29 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-10-14 10:04 . 2007-12-03 13:15 1,018,772 --a------ C:\WINDOWS\system32\nvucode.bin
2008-10-14 10:00 . 2008-10-14 10:00 <DIR> d-------- C:\Program Files\WIDCOMM
2008-10-14 10:00 . 2007-11-06 09:51 878,520 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2008-10-14 10:00 . 2007-11-06 09:51 539,160 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2008-10-14 10:00 . 2007-11-06 09:51 156,392 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2008-10-14 10:00 . 2007-11-06 09:51 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
2008-10-14 10:00 . 2007-11-06 09:51 55,352 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2008-10-14 10:00 . 2007-11-06 09:51 37,424 --a------ C:\WINDOWS\system32\drivers\btport.sys
2008-10-14 09:43 . 2008-10-14 09:43 <DIR> d-------- C:\Documents and Settings\Wim\Contacts
2008-10-14 09:43 . 2008-10-14 09:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-14 09:32 . 2008-10-14 09:34 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-14 09:32 . 2008-10-14 09:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-14 09:31 . 2008-10-14 09:43 <DIR> d-------- C:\Downloads
2008-10-14 09:23 . 2008-10-22 20:44 3,960 --a------ C:\WINDOWS\system32\NvApps.xml
2008-10-14 01:19 . 2008-10-14 10:05 <DIR> d-------- C:\WINDOWS\nview
2008-10-14 01:18 . 2008-10-14 01:18 <DIR> d-------- C:\Documents and Settings\Wim\Application Data\Media Player Classic
2008-10-14 01:17 . 2008-10-14 01:17 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-14 01:17 . 2008-10-14 16:13 <DIR> d-------- C:\Program Files\Intel
2008-10-14 01:16 . 2008-10-14 01:16 <DIR> d-------- C:\Program Files\SigmaTel
2008-10-14 01:16 . 2008-10-15 13:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-10-14 01:16 . 2008-10-15 13:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-10-14 01:16 . 2007-09-19 00:56 4,952,064 --a------ C:\WINDOWS\system32\stac97.cpl
2008-10-14 01:16 . 2007-09-19 00:56 2,187,264 --a------ C:\WINDOWS\system32\stlang.dll
2008-10-14 01:16 . 2007-09-19 00:56 1,222,840 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-10-14 01:16 . 2007-09-19 00:56 270,336 --a------ C:\WINDOWS\system32\stacapi.dll
2008-10-14 01:16 . 2008-03-21 10:35 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-10-14 01:16 . 2008-03-21 10:35 146,048 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-10-14 01:16 . 2007-09-19 00:56 144,896 --a------ C:\WINDOWS\system32\staco.dll
2008-10-14 01:16 . 2008-04-13 21:15 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-10-14 01:16 . 2008-04-13 21:15 60,160 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-10-14 01:14 . 2007-11-02 08:23 250,496 --a------ C:\WINDOWS\system32\drivers\yk51x86.sys
2008-10-14 01:13 . 2008-10-14 01:13 <DIR> d-------- C:\VGN-FZ2-Drivers
2008-10-14 01:12 . 2008-04-13 21:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-13 18:08 . 2008-10-13 17:56 <DIR> d--h----- C:\Documents and Settings\Wim\Sjablonen
2008-10-13 18:08 . 2008-10-26 16:08 <DIR> dr-h----- C:\Documents and Settings\Wim\Onlangs geopend
2008-10-13 18:08 . 2008-10-13 19:48 <DIR> d--h----- C:\Documents and Settings\Wim\Netwerkprinteromgeving
2008-10-13 18:08 . 2008-10-23 16:38 <DIR> dr------- C:\Documents and Settings\Wim\Mijn documenten
2008-10-13 18:08 . 2008-10-13 19:48 <DIR> dr------- C:\Documents and Settings\Wim\Menu Start
2008-10-13 18:08 . 2008-10-13 18:09 <DIR> dr------- C:\Documents and Settings\Wim\Favorieten
2008-10-13 18:08 . 2008-10-26 18:46 <DIR> d-------- C:\Documents and Settings\Wim\Bureaublad
2008-10-13 18:08 . 2008-10-13 18:03 86 --a------ C:\Documents and Settings\Wim\DelE6E.bat
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 17:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-13 17:03 86 ----a-w C:\Documents and Settings\Default User\DelE6E.bat
2008-10-13 17:03 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-13 17:01 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-13 17:01 --------- d-----w C:\Program Files\MSBuild
2008-10-13 16:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-19 21:55 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-20 09:38 55,296 ----a-w C:\WINDOWS\system32\dmutil.dll
2008-08-20 09:38 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2008-08-20 09:38 49,152 ----a-w C:\WINDOWS\system32\cnbjmon.dll
2008-08-20 09:38 483,328 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2008-08-20 09:38 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2008-08-20 09:38 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2008-08-20 09:38 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2008-08-20 09:38 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-20 09:38 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
2008-08-20 09:38 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll
2008-08-20 09:38 1,571,840 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-08-20 09:35 827,904 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-20 09:34 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
2008-08-20 09:33 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrionBluetoothRemoteControl"="C:\Program Files\Orion\Bluetooth Remote Control\BTRemoteServer.exe" [2008-04-01 278528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-03 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-03 81920]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-11-02 118784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-08-30 181488]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-26 1235736]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-12-03 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-10-26 12936]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-26 97928]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-26 90632]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-26 231704]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-08-27 185584]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2007-08-09 30976]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-11-06 808448]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
2008-10-26 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Wim at 17 33.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-08-27 18:44]
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Explorer_Run-Sidebar - C:\DOCUME~1\Wim\LOCALS~1\Temp\sidebar.exe
.
------- Bijkomende Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Wim\Application Data\Mozilla\Firefox\Profiles\d428wfqf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 18:54:00
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Sidebar = C:\DOCUME~1\Wim\LOCALS~1\Temp\sidebar.exe????????0???????B??????????j????????B??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????,?????@?????????????(????????H??????????????8??
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-10-26 18:54:32
ComboFix-quarantined-files.txt 2008-10-26 17:54:30
Pre-Run: 114.186.149.888 bytes beschikbaar
Post-Run: 114,173,239,296 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect