Archive - start menu no longer works

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews and have in some places been censored for being unacceptable. Many were made in a different spirit of the times, ironically or not, such as in the ironic Off-Topic subforum, and would not (be allowed to) be posted today. Still, we are happy to offer this archive as an information database and reference. Read more about it here or start a conversation with others.

Du-toube

Legacy Member
Hello

For a few days my PC was suuuper slow.
The CPU was constantly at 100%.

I then did a system restore, and that fixed it.
But there are still some problems:

When I click Start (bottom left), I can't select anything under 'All Programs'.
I can click My Computer, or Control Panel, etc.

But when I go to 'All Programs', I see the list but I can't select anything (the mouse points at something, but nothing changes, and I can't click anything to start it).

Also, under Processes in Task Manager, I have some files that always come back when I close them.
They always have different numbers
(currently 194043, 166180 and 552551 are running).

Maybe you can help me?
Here is my HijackThis log file in advance, and thanks


------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:50, on 30/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\taskmagr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\System.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Nguyen\LOCALS~1\Temp\166180
C:\DOCUME~1\Nguyen\LOCALS~1\Temp\194043
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 127.0.0.2 ymsdasdw1.cn
O1 - Hosts: 127.0.0.3 h96b.info
O1 - Hosts: 127.0.0.0 fuck.zttwp.cn
O1 - Hosts: 127.0.0.0 :::ÌìÌìÍâ¹ÒÍø::: www.WaiGua365.com »¶Ó­µÇ½ www.WaiGua365.com
O1 - Hosts: 127.0.0.0 ww.popdm.cn
O1 - Hosts: 127.1.1.1 bbt.etimes888.com
O1 - Hosts: 127.1.1.1 219.147.13.53
O1 - Hosts: 127.1.1.1 l.neter888.cn
O1 - Hosts: 127.1.1.1 stat.untang.com
O1 - Hosts: 127.1.1.1 www.ikdy.cn
O1 - Hosts: 127.0.0.0 geekbyfeng.cn
O1 - Hosts: 127.0.0.0 121.14.101.68
O1 - Hosts: 127.0.0.0 ppp.etimes888.com
O1 - Hosts: 127.0.0.0 www.bypk.com
O1 - Hosts: 127.0.0.0 CSC3-2004-crl.verisign.com
O1 - Hosts: 127.0.0.0 udp.hjob123.com
O1 - Hosts: 127.1.1.1 999.hfdy2828.com
O1 - Hosts: 127.1.1.1 www.hfdy2929.com
O1 - Hosts: 127.1.1.1 www.xiazaide1.cn
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 wm.eo2q.cn
O1 - Hosts: 127.1.1.1 d.www-263.com
O1 - Hosts: 127.1.1.1 www.ssy1688.cn
O1 - Hosts: 127.1.1.1 121.12.173.218
O1 - Hosts: 127.1.1.1 qq.18i16.net
O1 - Hosts: 127.1.1.1 a.baidu-6661.com
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 www.1079223105.cn
O1 - Hosts: 127.1.1.1 home.xzx6.cn
O1 - Hosts: 127.1.1.1 top.fgc3.cn
O1 - Hosts: 127.1.1.1 165.246.44.228
O1 - Hosts: 127.1.1.1 wwww.ttfafa.com
O1 - Hosts: 127.1.1.1 pa.tt-09.com
O1 - Hosts: 127.0.0.2 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 www.gamehacker.com.cn
O1 - Hosts: 127.0.0.0 gamehacker.com.cn
O1 - Hosts: 127.1.1.1 ½¨ÉèÖÐ
O1 - Hosts: 127.1.1.1 222.73.208.141
O1 - Hosts: 127.0.0.3 adlaji.cn
O1 - Hosts: 127.1.1.1 aiyyw.com
O1 - Hosts: 127.1.1.1 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 user1.12-27.net
O1 - Hosts: 127.0.0.0 fengent.cn
O1 - Hosts: 127.0.0.0 www.sony888.cn
O1 - Hosts: 127.0.0.0 user1.asp-33.cn
O1 - Hosts: 127.0.0.0 www.netkwek.cn
O1 - Hosts: 127.0.0.0 ymsdkad6.cn
O1 - Hosts: 127.0.0.0 www.lkwueir.cn
O1 - Hosts: 127.0.1.1 user1.23-17.net
O1 - Hosts: 127.0.0.0 upa.luzhiai.net
O1 - Hosts: 127.0.0.0 www.guccia.net
O1 - Hosts: 127.0.0.0 4m9mnlmi.cn
O1 - Hosts: 127.0.0.0 mm119mkssd.cn
O1 - Hosts: 127.0.0.0 61.128.171.115:8080
O1 - Hosts: 127.0.0.0 ½¨ÉèÖÐ
O1 - Hosts: 127.0.0.0 win.nihao69.cn
O1 - Hosts: 127.0.0.0 puc.lianxiac.net
O1 - Hosts: 127.0.0.0 pud.lianxiac.net
O1 - Hosts: 127.0.0.0 210.76.0.133
O1 - Hosts: 127.0.0.0 61.166.32.2
O1 - Hosts: 127.0.0.0 218.92.186.27
O1 - Hosts: 127.0.0.0 www.fsfsfag.cn
O1 - Hosts: 127.0.0.0 ovo.ovovov.cn
O1 - Hosts: 127.0.0.0 dw.com.com
O1 - Hosts: 127.0.0.0 t.myblank.cn
O1 - Hosts: 127.0.0.0 x.myblank.cn
O1 - Hosts: 127.0.0.0 qq-xing.com.cn
O1 - Hosts: 127.0.0.0 59.125.231.177:17777
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: msvbcr40 Class - {2756BAD7-2F9F-47ef-AE6D-8D39CCEB396F} - C:\WINDOWS\system32\msvbcr40.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7D182ECE-BFD3-4482-902F-035F4CE9A3C4} - C:\Program Files\Internet Explorer\ftsKetNt.7ps
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EF8EFC85-0038-479B-BB0E-B0A52A15CECA} - C:\Program Files\Internet Explorer\SysKetNt.Sys
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [nwiz] alien32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Alcatel Speedtouch Connection (2).lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nguyen\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://liezj1987.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{465DA6C4-6D5C-4F0D-8DE4-5D48525FABFB}: NameServer = 195.238.2.21 195.238.2.22
O20 - AppInit_DLLs: HBmhly.dllHBXY2.dllHBJXSJ.dllHBSHQ.dllHBWULIN2.dllHBW2I.dllHBKDXY.dllHBASKTAO.dllHBZHUXIAN.dllHBWOW.dllHBCHIBI.dllHBTW2.dllHBWD.dllHBZG.dllHBXMJ.dllDDEE51F5.dll4FC21891.dll,6EDCDE33.dll,F75F0F2C.dll,F232B3DD.dll,EC9630EB.dll,7243154B.dll,F2FC9D59.dll,159618C4.dll,C8A53922.dll,E0ACEE5E.dll,E2993CD3.dll,5C6D2558.dll,31A3B66D.dll,F3A1DFD5.dll,FE8B1EDD.dll,47CF8F38.dll,E63F51B7.dll,FC192B38.dll,7E4296D6.dll,C60CBF1A.dll,7044AB41.dll,B0CD19AD.dll,A47298E3.dll,139B8D72.dll
O21 - SSODL: DDEE51F5 - {DDEE51F5-94F8-417E-8482-2B089CE2F732} - C:\WINDOWS\system32\DDEE51F5.dll
O21 - SSODL: 4FC21891 - {4FC21891-B9B6-422A-ADDF-C68333FD4B0B} - C:\WINDOWS\system32\4FC21891.dll
O21 - SSODL: 6EDCDE33 - {6EDCDE33-671C-4E16-8BE1-6CAAEAC1F7B0} - C:\WINDOWS\system32\6EDCDE33.dll
O21 - SSODL: F75F0F2C - {F75F0F2C-3915-42C5-A2B0-DC67D5E1F002} - C:\WINDOWS\system32\F75F0F2C.dll
O21 - SSODL: F232B3DD - {F232B3DD-3A70-4517-8C9F-1D857FA5BD50} - C:\WINDOWS\system32\F232B3DD.dll
O21 - SSODL: EC9630EB - {EC9630EB-C001-42E3-AE10-2F3B6D087230} - C:\WINDOWS\system32\EC9630EB.dll
O21 - SSODL: 7243154B - {7243154B-6CE8-434D-BD99-961302942DA1} - C:\WINDOWS\system32\7243154B.dll
O21 - SSODL: F2FC9D59 - {F2FC9D59-7D13-48EC-A146-DE7BE915F89A} - C:\WINDOWS\system32\F2FC9D59.dll
O21 - SSODL: 159618C4 - {159618C4-D230-4E8C-A7B4-C1FBA3A83A9B} - C:\WINDOWS\system32\159618C4.dll
O21 - SSODL: C8A53922 - {C8A53922-BE24-4621-B77A-8D97C371B543} - C:\WINDOWS\system32\C8A53922.dll
O21 - SSODL: E0ACEE5E - {E0ACEE5E-4850-4ABF-AF5C-44710093FC26} - C:\WINDOWS\system32\E0ACEE5E.dll
O21 - SSODL: E2993CD3 - {E2993CD3-6506-4842-A390-97D4D8A08BF2} - C:\W”ý (file missing)
O21 - SSODL: 5C6D2558 - {5C6D2558-CBF7-4762-903E-BF786CE993CF} - C:\WINDOWS\system32\5C6D2558.dll
O21 - SSODL: 31A3B66D - {31A3B66D-C0CC-4122-A105-8F51F5EDB4DC} - C:\WINDOWS\system32\31A3B66D.dll
O21 - SSODL: F3A1DFD5 - {F3A1DFD5-8362-4B60-991F-DB612A12C447} - C:\WINDOWS\system32\F3A1DFD5.dll
O21 - SSODL: FE8B1EDD - {FE8B1EDD-9A68-49D4-A010-A10195EDADDF} - C:\WINDOWS\system32\FE8B1EDD.dll
O21 - SSODL: 47CF8F38 - {47CF8F38-19EA-4CE9-AC96-980AD2A97620} - C:\WINDOWS\system32\47CF8F38.dll
O21 - SSODL: E63F51B7 - {E63F51B7-0064-4D6C-A71B-507B64192E01} - C:\WINDOWS\system32\E63F51B7.dll
O21 - SSODL: FC192B38 - {FC192B38-9F74-4871-86E6-DFBD508A4D2D} - C:\WINDOWS\system32\FC192B38.dll
O21 - SSODL: 7E4296D6 - {7E4296D6-9A8C-4125-8CD0-84B7E5DD59E6} - C:\WINDOWS\system32\7E4296D6.dll
O21 - SSODL: C60CBF1A - {C60CBF1A-FAED-4E01-A38B-D13D398BF38E} - C:\WINDOWS\system32\C60CBF1A.dll
O21 - SSODL: 7044AB41 - {7044AB41-F524-416D-99F8-C8F1B1BA6833} - C:\WINDOWS\system32\7044AB41.dll
O21 - SSODL: B0CD19AD - {B0CD19AD-924D-4348-B9E6-18745AA6D8C9} - C:\WINDOWS\system32\B0CD19AD.dll
O21 - SSODL: A47298E3 - {A47298E3-8A65-497B-B802-8A53A93492E9} - C:\WINDOWS\system32\A47298E3.dll
O21 - SSODL: 139B8D72 - {139B8D72-13F4-46EB-8B13-E5C80E22F43D} - C:\WINDOWS\system32\139B8D72.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13040 bytes
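
As an added example (not part of the original thread), here is a small Python triage script for HijackThis-style lines like the ones in the log above. It flags hosts-file redirections, BHOs loaded from non-.dll files, autorun entries without a full path or under Policies\Explorer\Run, and AppInit_DLLs/SSODL entries whose names are random 8-character hex strings; the sample lines are constructed in the log's format using values from the post.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

Flags the patterns that stand out in the log posted above: hosts-file
redirections, BHOs loaded from files without a .dll extension, Run
entries without a full path or under Policies\\Explorer\\Run, and
AppInit_DLLs / SSODL entries whose names are random 8-character hex.
"""
import re

# Constructed sample in HijackThis format; values mirror the post above.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.1.1.1 bad-tracker.example
O1 - Hosts: 127.0.0.0 CSC3-2004-crl.verisign.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7D182ECE-BFD3-4482-902F-035F4CE9A3C4} - C:\Program Files\Internet Explorer\ftsKetNt.7ps
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [nwiz] alien32.exe
O20 - AppInit_DLLs: HBmhly.dll,DDEE51F5.dll,4FC21891.dll
O21 - SSODL: DDEE51F5 - {DDEE51F5-94F8-417E-8482-2B089CE2F732} - C:\WINDOWS\system32\DDEE51F5.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

HEX8_DLL = re.compile(r"^[0-9a-f]{8}\.dll$", re.IGNORECASE)
ENTRY = re.compile(r"^(O\d+|R\d) - (.*)$")


def parse(log_text):
    """Yield (section, body) for every HijackThis entry line, e.g. ('O1', 'Hosts: ...')."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def check_hosts(body):
    """O1: a clean XP hosts file maps only 'localhost' to 127.0.0.1."""
    parts = body.split(None, 2)          # ['Hosts:', ip, name]
    if len(parts) < 3:
        return None
    ip, name = parts[1], parts[2]
    if ip == "127.0.0.1" and name.lower() == "localhost":
        return None
    note = "hosts entry redirects %s to %s" % (name, ip)
    if "crl" in name.lower():
        note += " (blocks a certificate revocation list)"
    return note


def check_bho(body):
    """O2: a BHO is a DLL; a path with another extension is a disguise."""
    path = body.rsplit(" - ", 1)[-1].strip()
    if path == "(no file)" or path.lower().endswith(".dll"):
        return None
    return "BHO loaded from a non-.dll file: " + path


def check_run(body):
    """O4: autoruns with a bare filename, or under Policies\\Explorer\\Run."""
    m = re.match(r"(.*?): \[(.*?)\] (.*)", body)
    if not m:
        return None
    key, _label, cmd = m.groups()
    if "Policies\\Explorer\\Run" in key:
        return "autorun via Policies\\Explorer\\Run: " + cmd
    exe = cmd.strip().strip('"').split()[0] if cmd.strip() else ""
    if exe and "\\" not in exe and ":" not in exe:
        return "autorun without a full path: " + cmd
    return None


def check_appinit(body):
    """O20: AppInit_DLLs is empty on a clean box; count random hex names."""
    names = [n for n in re.split(r"[,\s]+", body.split(":", 1)[1]) if n]
    if not names:
        return None
    random_names = [n for n in names if HEX8_DLL.match(n)]
    return "AppInit_DLLs set (%d DLLs, %d random hex names)" % (len(names), len(random_names))


def check_ssodl(body):
    """O21: ShellServiceObjectDelayLoad entry with a random 8-hex DLL name."""
    path = body.rsplit(" - ", 1)[-1].strip()
    if HEX8_DLL.match(path.rsplit("\\", 1)[-1]):
        return "SSODL entry with random hex DLL name: " + path
    return None


CHECKS = {"O1": check_hosts, "O2": check_bho, "O4": check_run,
          "O20": check_appinit, "O21": check_ssodl}


def triage(log_text):
    """Return [(section, note), ...] for every entry a check flags."""
    findings = []
    for section, body in parse(log_text):
        check = CHECKS.get(section)
        note = check(body) if check else None
        if note:
            findings.append((section, note))
    return findings


if __name__ == "__main__":
    for section, note in triage(SAMPLE_LOG):
        print(section, note)
```

Run it against a full HijackThis log by passing the file contents to triage(); it only reads lines, so nothing on the machine is changed.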

Juisterr

Legacy Member
1. Download HostsXpert and unzip HostsXpert into its own folder, for example C:\HostsXpert.

Run HostsXpert.exe

Click "restore microsoft's hosts files"

Then close the program.

Download ComboFix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners see certain components that ComboFix uses as suspicious and will block or delete them!
  • Double-click Combofix.exe to start it.
  • If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply.

Also post a new HJT log.

Du-toube

Legacy Member
For HostsXpert I get this error when I click 'restore ms host files':

error: cannot create file c:\\windows\system32\drivers\etc\hosts

Should I still do it? Or ...

Du-toube

Legacy Member
Here is the ComboFix log.


ComboFix 09-01-01.02 - Nguyen 2009-01-03 13:35:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.173 [GMT 1:00]
Running from: c:\documents and settings\Nguyen\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\Unix_Sg.Jmp
c:\windows\system32\08223B03.cfg
c:\windows\system32\08223B03.dll
c:\windows\system32\122B901E.cfg
c:\windows\system32\122B901E.dll
c:\windows\system32\56BC86C7.cfg
c:\windows\system32\56BC86C7.dll
c:\windows\system32\9CA963CA.cfg
c:\windows\system32\9CA963CA.dll
c:\windows\system32\ali15e8b.dll
c:\windows\system32\ali15f5797.dll
c:\windows\system32\ali160f7.dll
c:\windows\system32\ali1644b.dll
c:\windows\system32\ali164af.dll
c:\windows\system32\ali16577.dll
c:\windows\system32\ali16a8d.dll
c:\windows\system32\ali16b73.dll
c:\windows\system32\ali16baf.dll
c:\windows\system32\ali1713d.dll
c:\windows\system32\ali175d1.dll
c:\windows\system32\ali1780c.dll
c:\windows\system32\ali17b37.dll
c:\windows\system32\ali17f8f.dll
c:\windows\system32\ali182ba.dll
c:\windows\system32\ali18472.dll
c:\windows\system32\ali186e9.dll
c:\windows\system32\ali1897e.dll
c:\windows\system32\ali18a83.dll
c:\windows\system32\ali18b41.dll
c:\windows\system32\ali198de.dll
c:\windows\system32\ali19b4b.dll
c:\windows\system32\ali1a2b0.dll
c:\windows\system32\ali1a56d.dll
c:\windows\system32\ali1d0bb.dll
c:\windows\system32\ali1f33b.dll
c:\windows\system32\ali1f47c.dll
c:\windows\system32\ali1f5402.dll
c:\windows\system32\ali1f6f3.dll
c:\windows\system32\ali1fb7c.dll
c:\windows\system32\ali2031d.dll
c:\windows\system32\ali20847.dll
c:\windows\system32\ali20b22.dll
c:\windows\system32\ali20c44.dll
c:\windows\system32\ali239a5.dll
c:\windows\system32\ali23d2a.dll
c:\windows\system32\ali2e59c.dll
c:\windows\system32\ali308d1.dll
c:\windows\system32\ali3e826.dll
c:\windows\system32\ali7b403.dll
c:\windows\system32\anyone360.dll
c:\windows\system32\b770ca2.sys
c:\windows\system32\csrss.dll
c:\windows\system32\D7C79813.cfg
c:\windows\system32\D7C79813.dll
c:\windows\system32\DA63E650.cfg
c:\windows\system32\DA63E650.dll
c:\windows\system32\E0D39066.cfg
c:\windows\system32\E0D39066.dll
c:\windows\system32\E1384213.cfg
c:\windows\system32\E1384213.dll
c:\windows\system32\HBASKTAO.dll
c:\windows\system32\HBCHIBI.dll
c:\windows\system32\HBKDXY.dll
c:\windows\system32\HBmhly.dll
c:\windows\system32\HBSHQ.dll
c:\windows\system32\HBTW2.dll
c:\windows\system32\HBW2I.dll
c:\windows\system32\HBWD.dll
c:\windows\system32\HBWOW.dll
c:\windows\system32\HBWULIN2.dll
c:\windows\system32\HBXY2.dll
c:\windows\system32\HBZG.dll
c:\windows\system32\HBZHUXIAN.dll
c:\windows\system32\r02012.exe
c:\windows\system32\r09017.exe
c:\windows\system32\r09018.exe
c:\windows\system32\r14026.exe
c:\windows\system32\r14034.exe
c:\windows\system32\r14038.exe
c:\windows\system32\r19027.exe
c:\windows\system32\r19029.exe
c:\windows\system32\r23012.exe
c:\windows\system32\r28008.exe
c:\windows\system32\r28009.exe
c:\windows\system32\sh02012.dll
c:\windows\system32\sh02012.ini
c:\windows\system32\sh09017.dll
c:\windows\system32\sh09017.ini
c:\windows\system32\sh09018.dll
c:\windows\system32\sh09018.ini
c:\windows\system32\sh14026.dll
c:\windows\system32\sh14026.ini
c:\windows\system32\sh14034.dll
c:\windows\system32\sh14034.ini
c:\windows\system32\sh14038.dll
c:\windows\system32\sh14038.ini
c:\windows\system32\sh19027.dll
c:\windows\system32\sh19027.ini
c:\windows\system32\sh19029.dll
c:\windows\system32\sh19029.ini
c:\windows\system32\sh23012.dll
c:\windows\system32\sh23012.ini
c:\windows\system32\sh28008.dll
c:\windows\system32\sh28008.ini
c:\windows\system32\sh28009.dll
c:\windows\system32\sh28009.ini
c:\windows\system32\system.exe
c:\windows\system32\taskmagr.exe
c:\windows\system32\wmdmpmsvc.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


Infected copy of c:\windows\system32\rpcss.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB894391$\rpcss.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_msiffei


((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-02 12:23 . 2009-01-02 14:48 <DIR> d-------- C:\HostsXpert
2009-01-02 12:23 . 2009-01-02 12:22 353,485 --a------ C:\HostsXpert.zip
2009-01-02 12:07 . 2008-12-31 08:17 24,576 --a------ c:\windows\system32\127.tmp
2008-12-30 18:43 . 2008-12-30 18:43 <DIR> d-------- c:\program files\Trend Micro
2008-12-29 18:01 . 2008-12-29 18:01 93 --a------ c:\windows\wininit.ini
2008-12-28 20:18 . 2008-12-28 17:11 24,576 --a------ c:\windows\system32\7B.tmp
2008-12-28 20:18 . 2008-12-28 11:06 16,896 --a------ c:\windows\system32\79.tmp
2008-12-28 17:13 . 2008-12-28 17:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-21 18:55 . 2008-12-21 18:55 13,940 --ahs---- c:\windows\system32\AAC70E2B.dll
2008-12-21 18:55 . 2008-12-21 18:55 228 --ahs---- c:\windows\system32\AAC70E2B.cfg
2008-12-21 18:54 . 2008-12-29 17:57 219,758 --ahs---- c:\windows\system32\4FBFD5A4.dll
2008-12-21 18:54 . 2008-12-21 18:54 14,440 --ahs---- c:\windows\system32\198FF3D8.dll
2008-12-21 18:54 . 2008-12-21 18:54 216 --ahs---- c:\windows\system32\4FBFD5A4.cfg
2008-12-21 18:54 . 2008-12-21 18:54 204 --ahs---- c:\windows\system32\198FF3D8.cfg
2008-12-21 18:53 . 2008-12-21 18:53 5,504 --a------ c:\windows\system32\c6424110.sys
2008-12-21 18:47 . 2009-01-03 13:28 994 --a------ c:\windows\system32\sadfasdf.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 20:35 --------- d-----w c:\program files\FlashGet
2008-12-03 16:59 --------- d-----w c:\documents and settings\Nguyen\Application Data\Image Zone Express
2008-09-22 16:31 24,992 -c--a-w c:\documents and settings\Nguyen\Application Data\GDIPFONTCACHEV1.DAT
2008-12-28 10:05 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-28 10:05 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-28 10:05 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-28 10:05 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-28 10:05 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-14 00:11 23,406 --sh--w c:\windows\system32\alibaba32.exe
2008-04-14 00:11 23,587 --sh--w c:\windows\system32\alien32.exe
2008-04-14 00:11 21,532 --sh--w c:\windows\system32\anyone360.exe
2008-09-20 11:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092020080921\index.dat
2008-05-09 20:18 55,328 -csha-w c:\windows\system32\drivers\fidbox.dat
2008-05-09 20:20 1,824 -csha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\Nguyen\Start Menu\Programs\Startup\
Alcatel Speedtouch Connection (2).lnk - c:\program files\Alcatel\SpeedTouch USB\STDialUp.exe [2007-12-17 2256896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5B099C6A-A846-4719-90F7-02449FA79B54}"= "c:\windows\system32\5B099C6A.dll" [2008-08-14 36864]
"{1FE7E361-ED93-4ACB-92E2-D683223C817A}"= "c:\windows\system32\1FE7E361.dll" [2008-08-14 36864]
"{9F1FEBCC-D5D4-47DC-B221-E1F42C5620CC}"= "c:\windows\system32\9F1FEBCC.dll" [2008-08-14 36864]
"{C6F6B780-061B-4237-9364-61ED228BC11B}"= "c:\windows\system32\C6F6B780.dll" [2008-08-14 36864]
"{C9BA3E1A-D040-48F0-949F-C158E8D62AED}"= "c:\windows\system32\C9BA3E1A.dll" [2008-08-14 36864]
"{E1A5A48F-2742-42E8-B7A7-BBB5D57EF93C}"= "c:\windows\system32\E1A5A48F.dll" [2008-08-14 36864]
"{D4B844A0-2ABC-4268-80C3-FE4F0AF15804}"= "c:\windows\system32\D4B844A0.dll" [2008-08-14 26624]
"{D53819B4-AD4A-4163-A224-0AB4422483D3}"= "c:\windows\system32\D53819B4.dll" [2008-08-14 36864]
"{F7885EE1-EACB-443F-B720-83977E48980A}"= "c:\windows\system32\F7885EE1.dll" [2008-08-14 36864]
"{D9F46778-5BA7-447D-8088-EAE6C1080606}"= "c:\windows\system32\D9F46778.dll" [2008-08-14 26624]
"{32729D3D-75A4-465B-BB2F-68E136E9E75C}"= "c:\windows\system32\32729D3D.dll" [2008-08-14 36864]
"{4F347056-06EF-4AF1-ABEE-685A005A34EE}"= "c:\windows\system32\4F347056.dll" [2008-08-14 25600]
"{67C41A85-38B6-4BA7-8EFD-369660EE8812}"= "c:\windows\system32\67C41A85.dll" [2008-08-14 25600]
"{4DA55BB5-3E31-4C21-9490-2195530057E6}"= "c:\windows\system32\4DA55BB5.dll" [2008-08-14 36864]
"{A1F96EBA-53F7-48AD-9318-9568BD592B60}"= "c:\windows\system32\A1F96EBA.dll" [2008-08-14 27648]
"{199C3329-CD6D-42AC-AC2B-E38FD8122E36}"= "c:\windows\system32\199C3329.dll" [2008-08-14 29184]
"{2CCD7654-1421-4E63-AF9F-4094389663B8}"= "c:\windows\system32\2CCD7654.dll" [2008-08-14 29184]
"{77073D2D-C693-4A8B-BD95-068595A08037}"= "c:\windows\system32\77073D2D.dll" [2008-08-14 30720]
"{05C656CA-8EE7-4CD9-80C9-A77E8ABDB003}"= "c:\windows\system32\05C656CA.dll" [2008-08-14 11:11 36864]
"{87F04417-8290-436B-AE2B-102C8C104F4E}"= "c:\windows\system32\87F04417.dll" [2008-08-14 36864]
"{F4D33A39-7922-48FB-BEB9-A10F5AE268C5}"= "c:\windows\system32\F4D33A39.dll" [2008-08-14 26624]
"{A07DA569-EA60-4B27-B6A4-605003EA5EDB}"= "c:\windows\system32\A07DA569.dll" [2008-08-14 36864]
"{AB7511D7-CC52-443A-B720-27BE5F958CCD}"= "c:\windows\system32\AB7511D7.dll" [2008-08-14 25600]
"{793146B5-FDC4-43D7-B1CF-EDB1B3BC841E}"= "c:\windows\system32\793146B5.dll" [2008-08-14 25600]
"{440C4E72-8580-47D5-B604-C88E38D627F5}"= "c:\windows\system32\440C4E72.dll" [2008-08-14 36864]
"{F0926B46-5362-4CC0-8320-18223640556D}"= "c:\windows\system32\F0926B46.dll" [2008-08-14 27648]
"{FCA50F61-7554-425F-B6F2-9A80E51AABDC}"= "c:\windows\system32\FCA50F61.dll" [2008-08-14 29184]
"{95D63313-F25F-424F-A61E-7D5B96837E9A}"= "c:\windows\system32\95D63313.dll" [2008-08-14 29184]
"{798E4F1A-63CA-4A5E-975A-06B59AC08106}"= "c:\windows\system32\798E4F1A.dll" [2008-08-14 30208]
"{0EEFB5F6-DE92-4519-AAFC-4822A2949443}"= "c:\windows\system32\0EEFB5F6.dll" [2008-08-14 11:11 30720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"5B099C6A"= {5B099C6A-A846-4719-90F7-02449FA79B54} - c:\windows\system32\5B099C6A.dll [2008-08-14 36864]
"1FE7E361"= {1FE7E361-ED93-4ACB-92E2-D683223C817A} - c:\windows\system32\1FE7E361.dll [2008-08-14 36864]
"9F1FEBCC"= {9F1FEBCC-D5D4-47DC-B221-E1F42C5620CC} - c:\windows\system32\9F1FEBCC.dll [2008-08-14 36864]
"C6F6B780"= {C6F6B780-061B-4237-9364-61ED228BC11B} - c:\windows\system32\C6F6B780.dll [2008-08-14 36864]
"C9BA3E1A"= {C9BA3E1A-D040-48F0-949F-C158E8D62AED} - c:\windows\system32\C9BA3E1A.dll [2008-08-14 36864]
"E1A5A48F"= {E1A5A48F-2742-42E8-B7A7-BBB5D57EF93C} - c:\windows\system32\E1A5A48F.dll [2008-08-14 36864]
"D4B844A0"= {D4B844A0-2ABC-4268-80C3-FE4F0AF15804} - c:\windows\system32\D4B844A0.dll [2008-08-14 26624]
"D53819B4"= {D53819B4-AD4A-4163-A224-0AB4422483D3} - c:\windows\system32\D53819B4.dll [2008-08-14 36864]
"F7885EE1"= {F7885EE1-EACB-443F-B720-83977E48980A} - c:\windows\system32\F7885EE1.dll [2008-08-14 36864]
"D9F46778"= {D9F46778-5BA7-447D-8088-EAE6C1080606} - c:\windows\system32\D9F46778.dll [2008-08-14 26624]
"32729D3D"= {32729D3D-75A4-465B-BB2F-68E136E9E75C} - c:\windows\system32\32729D3D.dll [2008-08-14 36864]
"4F347056"= {4F347056-06EF-4AF1-ABEE-685A005A34EE} - c:\windows\system32\4F347056.dll [2008-08-14 25600]
"67C41A85"= {67C41A85-38B6-4BA7-8EFD-369660EE8812} - c:\windows\system32\67C41A85.dll [2008-08-14 25600]
"4DA55BB5"= {4DA55BB5-3E31-4C21-9490-2195530057E6} - c:\windows\system32\4DA55BB5.dll [2008-08-14 36864]
"A1F96EBA"= {A1F96EBA-53F7-48AD-9318-9568BD592B60} - c:\windows\system32\A1F96EBA.dll [2008-08-14 27648]
"199C3329"= {199C3329-CD6D-42AC-AC2B-E38FD8122E36} - c:\windows\system32\199C3329.dll [2008-08-14 29184]
"2CCD7654"= {2CCD7654-1421-4E63-AF9F-4094389663B8} - c:\windows\system32\2CCD7654.dll [2008-08-14 29184]
"77073D2D"= {77073D2D-C693-4A8B-BD95-068595A08037} - c:\windows\system32\77073D2D.dll [2008-08-14 30720]
"05C656CA"= {05C656CA-8EE7-4CD9-80C9-A77E8ABDB003} - c:\windows\system32\05C656CA.dll [2008-08-14 11:11 36864]
"87F04417"= {87F04417-8290-436B-AE2B-102C8C104F4E} - c:\windows\system32\87F04417.dll [2008-08-14 36864]
"F4D33A39"= {F4D33A39-7922-48FB-BEB9-A10F5AE268C5} - c:\windows\system32\F4D33A39.dll [2008-08-14 26624]
"A07DA569"= {A07DA569-EA60-4B27-B6A4-605003EA5EDB} - c:\windows\system32\A07DA569.dll [2008-08-14 36864]
"AB7511D7"= {AB7511D7-CC52-443A-B720-27BE5F958CCD} - c:\windows\system32\AB7511D7.dll [2008-08-14 25600]
"793146B5"= {793146B5-FDC4-43D7-B1CF-EDB1B3BC841E} - c:\windows\system32\793146B5.dll [2008-08-14 25600]
"440C4E72"= {440C4E72-8580-47D5-B604-C88E38D627F5} - c:\windows\system32\440C4E72.dll [2008-08-14 36864]
"F0926B46"= {F0926B46-5362-4CC0-8320-18223640556D} - c:\windows\system32\F0926B46.dll [2008-08-14 27648]
"FCA50F61"= {FCA50F61-7554-425F-B6F2-9A80E51AABDC} - c:\windows\system32\FCA50F61.dll [2008-08-14 29184]
"95D63313"= {95D63313-F25F-424F-A61E-7D5B96837E9A} - c:\windows\system32\95D63313.dll [2008-08-14 29184]
"798E4F1A"= {798E4F1A-63CA-4A5E-975A-06B59AC08106} - c:\windows\system32\798E4F1A.dll [2008-08-14 30208]
"0EEFB5F6"= {0EEFB5F6-DE92-4519-AAFC-4822A2949443} - c:\windows\system32\0EEFB5F6.dll [2008-08-14 11:11 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=793146B5.dll,AB7511D7.dll,A07DA569.dll,F4D33A39.dll,87F04417.dll,05C656CA.dll,77073D2D.dll,2CCD7654.dll,199C3329.dll,0EEFB5F6.dll,798E4F1A.dll,95D63313.dll,FCA50F61.dll,F0926B46.dll,440C4E72.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nguyen^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Nguyen\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-10 17:46 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-20 08:21 1994800 c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 17:34 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaBtSh]
--a--c--- 2006-02-08 16:29 24576 c:\program files\Mobile Action\Bluetooth Manager\MaBtSh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\DRIVERS\Ma730Pt.sys [2007-07-23 103040]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\DRIVERS\Ma730Vad.sys [2007-07-23 23376]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2006-03-24 33536]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\DRIVERS\MA730C.sys [2007-07-23 156128]
S3 VNICPKT5;VNICPKT5 Protocol Driver;\??\c:\windows\System32\VNICPKT5.SYS [2007-07-22 16066]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a76b85-3ec0-11dd-9b59-0090d043944d}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e1edbe0-ae01-11dc-980d-0090d043944d}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-beid - D:\beid35gui.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-ZangoOE - c:\program files\Zango\bin\10.1.181.0\OEAddOn.exe
MSConfigStartUp-ZangoSA - c:\program files\Zango\bin\10.1.181.0\ZangoSA.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Nguyen\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {465DA6C4-6D5C-4F0D-8DE4-5D48525FABFB} = 195.238.2.21 195.238.2.22

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
FF - ProfilePath - c:\documents and settings\Nguyen\Application Data\Mozilla\Firefox\Profiles\1qtbtvno.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 13:41:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2009-01-03 13:46:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-03 12:46:02
ComboFix2.txt 2008-05-20 10:46:54

Pre-Run: 2.139.279.360 bytes free
Post-Run: 2,108,391,424 bytes free

364 --- E O F --- 2008-10-24 07:14:42

Du-toube

Legacy Member
And here is another HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:16, on 3/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Alcatel Speedtouch Connection (2).lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nguyen\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://liezj1987.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{465DA6C4-6D5C-4F0D-8DE4-5D48525FABFB}: NameServer = 195.238.2.21 195.238.2.22
O20 - AppInit_DLLs: 0EEFB5F6.dll,798E4F1A.dll,95D63313.dll,FCA50F61.dll,F0926B46.dll,440C4E72.dll,793146B5.dll,AB7511D7.dll,A07DA569.dll,F4D33A39.dll,87F04417.dll,05C656CA.dll,77073D2D.dll,2CCD7654.dll,199C3329.dll,A1F96EBA.dll,4DA55BB5.dll,67C41A85.dll,4F347056.dll,32729D3D.dll,D9F46778.dll,F7885EE1.dll,D53819B4.dll,D4B844A0.dll,E1A5A48F.dll,C9BA3E1A.dll,C6F6B780.dll,9F1FEBCC.dll,1FE7E361.dll,5B099C6A.dll
O21 - SSODL: 5B099C6A - {5B099C6A-A846-4719-90F7-02449FA79B54} - C:\WINDOWS\system32\5B099C6A.dll
O21 - SSODL: 1FE7E361 - {1FE7E361-ED93-4ACB-92E2-D683223C817A} - C:\WINDOWS\system32\1FE7E361.dll
O21 - SSODL: 9F1FEBCC - {9F1FEBCC-D5D4-47DC-B221-E1F42C5620CC} - C:\WINDOWS\system32\9F1FEBCC.dll
O21 - SSODL: C6F6B780 - {C6F6B780-061B-4237-9364-61ED228BC11B} - C:\WINDOWS\system32\C6F6B780.dll
O21 - SSODL: C9BA3E1A - {C9BA3E1A-D040-48F0-949F-C158E8D62AED} - C:\WINDOWS\system32\C9BA3E1A.dll
O21 - SSODL: E1A5A48F - {E1A5A48F-2742-42E8-B7A7-BBB5D57EF93C} - C:\WINDOWS\system32\E1A5A48F.dll
O21 - SSODL: D4B844A0 - {D4B844A0-2ABC-4268-80C3-FE4F0AF15804} - C:\WINDOWS\system32\D4B844A0.dll
O21 - SSODL: D53819B4 - {D53819B4-AD4A-4163-A224-0AB4422483D3} - C:\WINDOWS\system32\D53819B4.dll
O21 - SSODL: F7885EE1 - {F7885EE1-EACB-443F-B720-83977E48980A} - C:\WINDOWS\system32\F7885EE1.dll
O21 - SSODL: D9F46778 - {D9F46778-5BA7-447D-8088-EAE6C1080606} - C:\WINDOWS\system32\D9F46778.dll
O21 - SSODL: 32729D3D - {32729D3D-75A4-465B-BB2F-68E136E9E75C} - C:\WINDOWS\system32\32729D3D.dll
O21 - SSODL: 4F347056 - {4F347056-06EF-4AF1-ABEE-685A005A34EE} - C:\WINDOWS\system32\4F347056.dll
O21 - SSODL: 67C41A85 - {67C41A85-38B6-4BA7-8EFD-369660EE8812} - C:\WINDOWS\system32\67C41A85.dll
O21 - SSODL: 4DA55BB5 - {4DA55BB5-3E31-4C21-9490-2195530057E6} - C:\WINDOWS\system32\4DA55BB5.dll
O21 - SSODL: A1F96EBA - {A1F96EBA-53F7-48AD-9318-9568BD592B60} - C:\WINDOWS\system32\A1F96EBA.dll
O21 - SSODL: 199C3329 - {199C3329-CD6D-42AC-AC2B-E38FD8122E36} - C:\WINDOWS\system32\199C3329.dll
O21 - SSODL: 2CCD7654 - {2CCD7654-1421-4E63-AF9F-4094389663B8} - C:\WINDOWS\system32\2CCD7654.dll
O21 - SSODL: 77073D2D - {77073D2D-C693-4A8B-BD95-068595A08037} - C:\WINDOWS\system32\77073D2D.dll
O21 - SSODL: 05C656CA - {05C656CA-8EE7-4CD9-80C9-A77E8ABDB003} - C:\WINDOWS\system32\05C656CA.dll
O21 - SSODL: 87F04417 - {87F04417-8290-436B-AE2B-102C8C104F4E} - C:\WINDOWS\system32\87F04417.dll
O21 - SSODL: F4D33A39 - {F4D33A39-7922-48FB-BEB9-A10F5AE268C5} - C:\WINDOWS\system32\F4D33A39.dll
O21 - SSODL: A07DA569 - {A07DA569-EA60-4B27-B6A4-605003EA5EDB} - C:\WINDOWS\system32\A07DA569.dll
O21 - SSODL: AB7511D7 - {AB7511D7-CC52-443A-B720-27BE5F958CCD} - C:\WINDOWS\system32\AB7511D7.dll
O21 - SSODL: 793146B5 - {793146B5-FDC4-43D7-B1CF-EDB1B3BC841E} - C:\WINDOWS\system32\793146B5.dll
O21 - SSODL: 440C4E72 - {440C4E72-8580-47D5-B604-C88E38D627F5} - C:\WINDOWS\system32\440C4E72.dll
O21 - SSODL: F0926B46 - {F0926B46-5362-4CC0-8320-18223640556D} - C:\WINDOWS\system32\F0926B46.dll
O21 - SSODL: FCA50F61 - {FCA50F61-7554-425F-B6F2-9A80E51AABDC} - C:\WINDOWS\system32\FCA50F61.dll
O21 - SSODL: 95D63313 - {95D63313-F25F-424F-A61E-7D5B96837E9A} - C:\WINDOWS\system32\95D63313.dll
O21 - SSODL: 798E4F1A - {798E4F1A-63CA-4A5E-975A-06B59AC08106} - C:\WINDOWS\system32\798E4F1A.dll
O21 - SSODL: 0EEFB5F6 - {0EEFB5F6-DE92-4519-AAFC-4822A2949443} - C:\WINDOWS\system32\0EEFB5F6.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Juisterr

Legacy Member
Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that after installation the following are checked:
  • Update MalwareBytes' Anti-Malware
  • Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Settings" tab.
  • Check: "Terminate Internet Explorer during threat removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then click "Scan" to start the scan.
  • The scan may take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to view the results.
  • Make sure everything there is checked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.

Du-toube

Legacy Member
Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.31
Database versie: 1456
Windows 5.1.2600 Service Pack 3

3/01/2009 21:15:20
mbam-log-2009-01-03 (21-15-19).txt

Scan type: Snelle Scan
Objecten gescand: 50346
Verstreken tijd: 8 minute(s), 39 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\anyone360.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvbcr40.dll (Trojan.BHO) -> Quarantined and deleted successfully.


And here is the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:37, on 3/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Alcatel Speedtouch Connection (2).lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nguyen\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://liezj1987.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{465DA6C4-6D5C-4F0D-8DE4-5D48525FABFB}: NameServer = 195.238.2.21 195.238.2.22
O20 - AppInit_DLLs: 0EEFB5F6.dll,798E4F1A.dll,95D63313.dll,FCA50F61.dll,F0926B46.dll,440C4E72.dll,793146B5.dll,AB7511D7.dll,A07DA569.dll,F4D33A39.dll,87F04417.dll,05C656CA.dll,77073D2D.dll,2CCD7654.dll,199C3329.dll,A1F96EBA.dll,4DA55BB5.dll,67C41A85.dll,4F347056.dll,32729D3D.dll,D9F46778.dll,F7885EE1.dll,D53819B4.dll,D4B844A0.dll,E1A5A48F.dll,C9BA3E1A.dll,C6F6B780.dll,9F1FEBCC.dll,1FE7E361.dll,5B099C6A.dll
O21 - SSODL: 5B099C6A - {5B099C6A-A846-4719-90F7-02449FA79B54} - C:\WINDOWS\system32\5B099C6A.dll
O21 - SSODL: 1FE7E361 - {1FE7E361-ED93-4ACB-92E2-D683223C817A} - C:\WINDOWS\system32\1FE7E361.dll
O21 - SSODL: 9F1FEBCC - {9F1FEBCC-D5D4-47DC-B221-E1F42C5620CC} - C:\WINDOWS\system32\9F1FEBCC.dll
O21 - SSODL: C6F6B780 - {C6F6B780-061B-4237-9364-61ED228BC11B} - C:\WINDOWS\system32\C6F6B780.dll
O21 - SSODL: C9BA3E1A - {C9BA3E1A-D040-48F0-949F-C158E8D62AED} - C:\WINDOWS\system32\C9BA3E1A.dll
O21 - SSODL: E1A5A48F - {E1A5A48F-2742-42E8-B7A7-BBB5D57EF93C} - C:\WINDOWS\system32\E1A5A48F.dll
O21 - SSODL: D4B844A0 - {D4B844A0-2ABC-4268-80C3-FE4F0AF15804} - C:\WINDOWS\system32\D4B844A0.dll
O21 - SSODL: D53819B4 - {D53819B4-AD4A-4163-A224-0AB4422483D3} - C:\WINDOWS\system32\D53819B4.dll
O21 - SSODL: F7885EE1 - {F7885EE1-EACB-443F-B720-83977E48980A} - C:\WINDOWS\system32\F7885EE1.dll
O21 - SSODL: D9F46778 - {D9F46778-5BA7-447D-8088-EAE6C1080606} - C:\WINDOWS\system32\D9F46778.dll
O21 - SSODL: 32729D3D - {32729D3D-75A4-465B-BB2F-68E136E9E75C} - C:\WINDOWS\system32\32729D3D.dll
O21 - SSODL: 4F347056 - {4F347056-06EF-4AF1-ABEE-685A005A34EE} - C:\WINDOWS\system32\4F347056.dll
O21 - SSODL: 67C41A85 - {67C41A85-38B6-4BA7-8EFD-369660EE8812} - C:\WINDOWS\system32\67C41A85.dll
O21 - SSODL: 4DA55BB5 - {4DA55BB5-3E31-4C21-9490-2195530057E6} - C:\WINDOWS\system32\4DA55BB5.dll
O21 - SSODL: A1F96EBA - {A1F96EBA-53F7-48AD-9318-9568BD592B60} - C:\WINDOWS\system32\A1F96EBA.dll
O21 - SSODL: 199C3329 - {199C3329-CD6D-42AC-AC2B-E38FD8122E36} - C:\WINDOWS\system32\199C3329.dll
O21 - SSODL: 2CCD7654 - {2CCD7654-1421-4E63-AF9F-4094389663B8} - C:\WINDOWS\system32\2CCD7654.dll
O21 - SSODL: 77073D2D - {77073D2D-C693-4A8B-BD95-068595A08037} - C:\WINDOWS\system32\77073D2D.dll
O21 - SSODL: 05C656CA - {05C656CA-8EE7-4CD9-80C9-A77E8ABDB003} - C:\WINDOWS\system32\05C656CA.dll
O21 - SSODL: 87F04417 - {87F04417-8290-436B-AE2B-102C8C104F4E} - C:\WINDOWS\system32\87F04417.dll
O21 - SSODL: F4D33A39 - {F4D33A39-7922-48FB-BEB9-A10F5AE268C5} - C:\WINDOWS\system32\F4D33A39.dll
O21 - SSODL: A07DA569 - {A07DA569-EA60-4B27-B6A4-605003EA5EDB} - C:\WINDOWS\system32\A07DA569.dll
O21 - SSODL: AB7511D7 - {AB7511D7-CC52-443A-B720-27BE5F958CCD} - C:\WINDOWS\system32\AB7511D7.dll
O21 - SSODL: 793146B5 - {793146B5-FDC4-43D7-B1CF-EDB1B3BC841E} - C:\WINDOWS\system32\793146B5.dll
O21 - SSODL: 440C4E72 - {440C4E72-8580-47D5-B604-C88E38D627F5} - C:\WINDOWS\system32\440C4E72.dll
O21 - SSODL: F0926B46 - {F0926B46-5362-4CC0-8320-18223640556D} - C:\WINDOWS\system32\F0926B46.dll
O21 - SSODL: FCA50F61 - {FCA50F61-7554-425F-B6F2-9A80E51AABDC} - C:\WINDOWS\system32\FCA50F61.dll
O21 - SSODL: 95D63313 - {95D63313-F25F-424F-A61E-7D5B96837E9A} - C:\WINDOWS\system32\95D63313.dll
O21 - SSODL: 798E4F1A - {798E4F1A-63CA-4A5E-975A-06B59AC08106} - C:\WINDOWS\system32\798E4F1A.dll
O21 - SSODL: 0EEFB5F6 - {0EEFB5F6-DE92-4519-AAFC-4822A2949443} - C:\WINDOWS\system32\0EEFB5F6.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9728 bytes

Du-toube

Legacy Member
(forgot to say thank you for the effort so far)

Unfortunately the start menu still doesn't work as it should :)

Start (menu appears)
All Programs (list of applications appears)
I move the mouse over the list that came up from All Programs, nothing happens; I can click, but nothing happens either.

Juisterr

Legacy Member
Open Notepad, copy and paste the following (the bold, blue text) into an empty window:

File::
c:\windows\system32\5B099C6A.dll
c:\windows\system32\1FE7E361.dll
c:\windows\system32\9F1FEBCC.dll
c:\windows\system32\C6F6B780.dll
c:\windows\system32\C9BA3E1A.dll
c:\windows\system32\E1A5A48F.dll
c:\windows\system32\D4B844A0.dll
c:\windows\system32\D53819B4.dll
c:\windows\system32\F7885EE1.dll
c:\windows\system32\D9F46778.dll
c:\windows\system32\32729D3D.dll
c:\windows\system32\4F347056.dll
c:\windows\system32\67C41A85.dll
c:\windows\system32\4DA55BB5.dll
c:\windows\system32\A1F96EBA.dll
c:\windows\system32\199C3329.dll
c:\windows\system32\2CCD7654.dll
c:\windows\system32\77073D2D.dll
c:\windows\system32\05C656CA.dll
c:\windows\system32\87F04417.dll
c:\windows\system32\F4D33A39.dll
c:\windows\system32\A07DA569.dll
c:\windows\system32\AB7511D7.dll
c:\windows\system32\793146B5.dll
c:\windows\system32\440C4E72.dll
c:\windows\system32\F0926B46.dll
c:\windows\system32\FCA50F61.dll
c:\windows\system32\95D63313.dll
c:\windows\system32\798E4F1A.dll
c:\windows\system32\0EEFB5F6.dll

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5B099C6A-A846-4719-90F7-02449FA79B54}"=-
"{1FE7E361-ED93-4ACB-92E2-D683223C817A}"=-
"{9F1FEBCC-D5D4-47DC-B221-E1F42C5620CC}"=-
"{C6F6B780-061B-4237-9364-61ED228BC11B}"=-
"{C9BA3E1A-D040-48F0-949F-C158E8D62AED}"=-
"{E1A5A48F-2742-42E8-B7A7-BBB5D57EF93C}"=-
"{D4B844A0-2ABC-4268-80C3-FE4F0AF15804}"=-
"{D53819B4-AD4A-4163-A224-0AB4422483D3}"=-
"{F7885EE1-EACB-443F-B720-83977E48980A}"=-
"{D9F46778-5BA7-447D-8088-EAE6C1080606}"=-
"{32729D3D-75A4-465B-BB2F-68E136E9E75C}"=-
"{4F347056-06EF-4AF1-ABEE-685A005A34EE}"=-
"{67C41A85-38B6-4BA7-8EFD-369660EE8812}"=-
"{4DA55BB5-3E31-4C21-9490-2195530057E6}"=-
"{A1F96EBA-53F7-48AD-9318-9568BD592B60}"=-
"{199C3329-CD6D-42AC-AC2B-E38FD8122E36}"=-
"{2CCD7654-1421-4E63-AF9F-4094389663B8}"=-
"{77073D2D-C693-4A8B-BD95-068595A08037}"=-
"{05C656CA-8EE7-4CD9-80C9-A77E8ABDB003}"=-
"{87F04417-8290-436B-AE2B-102C8C104F4E}"=-
"{F4D33A39-7922-48FB-BEB9-A10F5AE268C5}"=-
"{A07DA569-EA60-4B27-B6A4-605003EA5EDB}"=-
"{AB7511D7-CC52-443A-B720-27BE5F958CCD}"=-
"{793146B5-FDC4-43D7-B1CF-EDB1B3BC841E}"=-
"{440C4E72-8580-47D5-B604-C88E38D627F5}"=-
"{F0926B46-5362-4CC0-8320-18223640556D}"=-
"{FCA50F61-7554-425F-B6F2-9A80E51AABDC}"=-
"{95D63313-F25F-424F-A61E-7D5B96837E9A}"=-
"{798E4F1A-63CA-4A5E-975A-06B59AC08106}"=-
"{0EEFB5F6-DE92-4519-AAFC-4822A2949443}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"5B099C6A"=-
"1FE7E361"=-
"9F1FEBCC"=-
"C6F6B780"=-
"C9BA3E1A"=-
"E1A5A48F"=-
"D4B844A0"=-
"D53819B4"=-
"F7885EE1"=-
"D9F46778"=-
"32729D3D"=-
"4F347056"=-
"67C41A85"=-
"4DA55BB5"=-
"A1F96EBA"=-
"199C3329"=-
"2CCD7654"=-
"77073D2D"=-
"05C656CA"=-
"87F04417"=-
"F4D33A39"=-
"A07DA569"=-
"AB7511D7"=-
"793146B5"=-
"440C4E72"=-
"F0926B46"=-
"FCA50F61"=-
"95D63313"=-
"798E4F1A"=-
"0EEFB5F6"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

(image: CFScriptB-4.gif)

This will make ComboFix restart.

After your computer restarts (if it asks to restart), copy and paste the contents of ComboFix.txt in your next reply together with a new HJT log please.
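The cleanup script above removes each random-named DLL and its ShellExecuteHooks, ShellServiceObjectDelayLoad (SSODL) and AppInit_DLLs registrations by hand. As an added example (not code from this thread, nor from ComboFix or HijackThis), the Python script below parses HijackThis O20/O21 lines, flags SSODL entries whose eight-hex-character value name is reused as the first block of the CLSID and as the DLL file name (the pattern visible in the logs above), and generates the equivalent CFScript text. The sample log lines are constructed from entries in the logs above plus one benign SSODL entry with a placeholder CLSID; the heuristic, the helper names and the rule for clearing AppInit_DLLs are assumptions of this example.

```python
"""Flag the random-hex-named SSODL/AppInit DLL cluster in a HijackThis log
and generate the matching ComboFix CFScript.  Added example; not from the thread."""
import re

# Constructed sample log: three O21 entries and the O20 line are copied from the
# thread's logs; the "ExampleBenign" entry with a placeholder CLSID is an
# assumption, included to show that ordinary entries are not flagged.
SAMPLE_HJT_LOG = r"""
O20 - AppInit_DLLs: 0EEFB5F6.dll,798E4F1A.dll,5B099C6A.dll
O21 - SSODL: 5B099C6A - {5B099C6A-A846-4719-90F7-02449FA79B54} - C:\WINDOWS\system32\5B099C6A.dll
O21 - SSODL: 798E4F1A - {798E4F1A-63CA-4A5E-975A-06B59AC08106} - C:\WINDOWS\system32\798E4F1A.dll
O21 - SSODL: 0EEFB5F6 - {0EEFB5F6-DE92-4519-AAFC-4822A2949443} - C:\WINDOWS\system32\0EEFB5F6.dll
O21 - SSODL: ExampleBenign - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\examplebenign.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

HEX8 = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O21_RE = re.compile(
    r"^O21 - SSODL: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

# Registry keys exactly as used in the thread's CFScript.
SEH_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"
SSODL_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]"
APPINIT_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"


def basename(path):
    """Last component of a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_hjt(log_text):
    """Return (set of AppInit_DLLs basenames, list of O21 SSODL entries)."""
    appinit, ssodl = set(), []
    for line in log_text.splitlines():
        m = O20_RE.match(line)
        if m:
            appinit.update(d.strip().lower() for d in m.group("dlls").split(","))
            continue
        m = O21_RE.match(line)
        if m:
            ssodl.append(m.groupdict())
    return appinit, ssodl


def is_random_named(entry):
    """Heuristic (an assumption): the SSODL value name is eight hex characters
    and is reused as the first CLSID block and as the DLL file name."""
    name = entry["name"].upper()
    return (HEX8.match(name) is not None
            and entry["clsid"][1:9].upper() == name
            and basename(entry["path"]) == name.lower() + ".dll")


def find_ssodl_cluster(log_text):
    """SSODL entries matching the heuristic, each tagged with whether the same
    DLL is also loaded into every user-mode process through AppInit_DLLs."""
    appinit, ssodl = parse_hjt(log_text)
    return [{**e, "in_appinit": basename(e["path"]) in appinit}
            for e in ssodl if is_random_named(e)]


def build_cfscript(log_text):
    """CFScript text that deletes the flagged files and their ShellExecuteHooks
    and SSODL values.  AppInit_DLLs is cleared only when every DLL listed there
    belongs to the flagged cluster, so a legitimate entry is never wiped."""
    appinit, _ = parse_hjt(log_text)
    hits = find_ssodl_cluster(log_text)
    lines = ["File::"] + [h["path"] for h in hits]
    lines += ["", "Registry::", SEH_KEY]
    lines += ['"%s"=-' % h["clsid"] for h in hits]
    lines += ["", SSODL_KEY]
    lines += ['"%s"=-' % h["name"] for h in hits]
    if appinit and appinit <= {basename(h["path"]) for h in hits}:
        lines += ["", APPINIT_KEY, '"AppInit_DLLs"=""']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for hit in find_ssodl_cluster(SAMPLE_HJT_LOG):
        print("flagged:", hit["name"], "also in AppInit_DLLs:", hit["in_appinit"])
    print(build_cfscript(SAMPLE_HJT_LOG))
```

Run stand-alone it prints the flagged entries and the generated script for the constructed sample; on a real log, review every flagged line against the original HijackThis output before using the script, since the heuristic only catches the naming pattern seen in this thread.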

Du-toube

Legacy Member
ComboFix log:

ComboFix 09-01-01.02 - Nguyen 2009-01-04 20:25:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.256 [GMT 1:00]
Running from: c:\documents and settings\Nguyen\Desktop\Antivirus\ComboFix.exe
Command switches used :: c:\documents and settings\Nguyen\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\05C656CA.dll
c:\windows\system32\0EEFB5F6.dll
c:\windows\system32\199C3329.dll
c:\windows\system32\1FE7E361.dll
c:\windows\system32\2CCD7654.dll
c:\windows\system32\32729D3D.dll
c:\windows\system32\440C4E72.dll
c:\windows\system32\4DA55BB5.dll
c:\windows\system32\4F347056.dll
c:\windows\system32\5B099C6A.dll
c:\windows\system32\67C41A85.dll
c:\windows\system32\77073D2D.dll
c:\windows\system32\793146B5.dll
c:\windows\system32\798E4F1A.dll
c:\windows\system32\87F04417.dll
c:\windows\system32\95D63313.dll
c:\windows\system32\9F1FEBCC.dll
c:\windows\system32\A07DA569.dll
c:\windows\system32\A1F96EBA.dll
c:\windows\system32\AB7511D7.dll
c:\windows\system32\C6F6B780.dll
c:\windows\system32\C9BA3E1A.dll
c:\windows\system32\D4B844A0.dll
c:\windows\system32\D53819B4.dll
c:\windows\system32\D9F46778.dll
c:\windows\system32\E1A5A48F.dll
c:\windows\system32\F0926B46.dll
c:\windows\system32\F4D33A39.dll
c:\windows\system32\F7885EE1.dll
c:\windows\system32\FCA50F61.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\05C656CA.dll
c:\windows\system32\0EEFB5F6.dll
c:\windows\system32\199C3329.dll
c:\windows\system32\1FE7E361.dll
c:\windows\system32\2CCD7654.dll
c:\windows\system32\32729D3D.dll
c:\windows\system32\440C4E72.dll
c:\windows\system32\4DA55BB5.dll
c:\windows\system32\4F347056.dll
c:\windows\system32\5B099C6A.dll
c:\windows\system32\67C41A85.dll
c:\windows\system32\77073D2D.dll
c:\windows\system32\793146B5.dll
c:\windows\system32\798E4F1A.dll
c:\windows\system32\87F04417.dll
c:\windows\system32\95D63313.dll
c:\windows\system32\9F1FEBCC.dll
c:\windows\system32\A07DA569.dll
c:\windows\system32\A1F96EBA.dll
c:\windows\system32\AB7511D7.dll
c:\windows\system32\C6F6B780.dll
c:\windows\system32\C9BA3E1A.dll
c:\windows\system32\D4B844A0.dll
c:\windows\system32\D53819B4.dll
c:\windows\system32\D9F46778.dll
c:\windows\system32\E1A5A48F.dll
c:\windows\system32\F0926B46.dll
c:\windows\system32\F4D33A39.dll
c:\windows\system32\F7885EE1.dll
c:\windows\system32\FCA50F61.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 20:58 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 14:44 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-02 12:07 . 2008-12-31 08:17 24,576 --a------ c:\windows\system32\127.tmp
2008-12-30 18:43 . 2008-12-30 18:43 <DIR> d-------- c:\program files\Trend Micro
2008-12-29 18:01 . 2008-12-29 18:01 93 --a------ c:\windows\wininit.ini
2008-12-28 20:18 . 2008-12-28 17:11 24,576 --a------ c:\windows\system32\7B.tmp
2008-12-28 20:18 . 2008-12-28 11:06 16,896 --a------ c:\windows\system32\79.tmp
2008-12-28 17:13 . 2008-12-28 17:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-21 18:55 . 2008-12-21 18:55 13,940 --ahs---- c:\windows\system32\AAC70E2B.dll
2008-12-21 18:55 . 2008-12-21 18:55 228 --ahs---- c:\windows\system32\AAC70E2B.cfg
2008-12-21 18:54 . 2008-12-29 17:57 219,758 --ahs---- c:\windows\system32\4FBFD5A4.dll
2008-12-21 18:54 . 2008-12-21 18:54 14,440 --ahs---- c:\windows\system32\198FF3D8.dll
2008-12-21 18:54 . 2008-12-21 18:54 216 --ahs---- c:\windows\system32\4FBFD5A4.cfg
2008-12-21 18:54 . 2008-12-21 18:54 204 --ahs---- c:\windows\system32\198FF3D8.cfg
2008-12-21 18:53 . 2008-12-21 18:53 5,504 --a------ c:\windows\system32\c6424110.sys
2008-12-21 18:47 . 2009-01-03 13:28 994 --a------ c:\windows\system32\sadfasdf.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 20:35 --------- d-----w c:\program files\FlashGet
2008-12-03 16:59 --------- d-----w c:\documents and settings\Nguyen\Application Data\Image Zone Express
2008-09-22 16:31 24,992 -c--a-w c:\documents and settings\Nguyen\Application Data\GDIPFONTCACHEV1.DAT
2008-12-28 10:05 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-28 10:05 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-28 10:05 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-28 10:05 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-28 10:05 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-14 00:11 23,406 --sh--w c:\windows\system32\alibaba32.exe
2008-04-14 00:11 23,587 --sh--w c:\windows\system32\alien32.exe
2008-09-20 11:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092020080921\index.dat
2008-05-09 20:18 55,328 -csha-w c:\windows\system32\drivers\fidbox.dat
2008-05-09 20:20 1,824 -csha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-03_13.44.14.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-04 19:30:57 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_66c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\Nguyen\Start Menu\Programs\Startup\
Alcatel Speedtouch Connection (2).lnk - c:\program files\Alcatel\SpeedTouch USB\STDialUp.exe [2007-12-17 2256896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nguyen^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Nguyen\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-10 17:46 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-20 08:21 1994800 c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 17:34 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaBtSh]
--a--c--- 2006-02-08 16:29 24576 c:\program files\Mobile Action\Bluetooth Manager\MaBtSh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\DRIVERS\Ma730Pt.sys [2007-07-23 103040]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\DRIVERS\Ma730Vad.sys [2007-07-23 23376]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2006-03-24 33536]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\DRIVERS\MA730C.sys [2007-07-23 156128]
S3 VNICPKT5;VNICPKT5 Protocol Driver;\??\c:\windows\System32\VNICPKT5.SYS [2007-07-22 16066]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a76b85-3ec0-11dd-9b59-0090d043944d}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e1edbe0-ae01-11dc-980d-0090d043944d}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5B099C6A-A846-4719-90F7-02449FA79B54} - c:\windows\system32\5B099C6A.dll
ShellExecuteHooks-{1FE7E361-ED93-4ACB-92E2-D683223C817A} - c:\windows\system32\1FE7E361.dll
ShellExecuteHooks-{9F1FEBCC-D5D4-47DC-B221-E1F42C5620CC} - c:\windows\system32\9F1FEBCC.dll
ShellExecuteHooks-{C6F6B780-061B-4237-9364-61ED228BC11B} - c:\windows\system32\C6F6B780.dll
ShellExecuteHooks-{C9BA3E1A-D040-48F0-949F-C158E8D62AED} - c:\windows\system32\C9BA3E1A.dll
ShellExecuteHooks-{E1A5A48F-2742-42E8-B7A7-BBB5D57EF93C} - c:\windows\system32\E1A5A48F.dll
ShellExecuteHooks-{D4B844A0-2ABC-4268-80C3-FE4F0AF15804} - c:\windows\system32\D4B844A0.dll
ShellExecuteHooks-{D53819B4-AD4A-4163-A224-0AB4422483D3} - c:\windows\system32\D53819B4.dll
ShellExecuteHooks-{F7885EE1-EACB-443F-B720-83977E48980A} - c:\windows\system32\F7885EE1.dll
ShellExecuteHooks-{D9F46778-5BA7-447D-8088-EAE6C1080606} - c:\windows\system32\D9F46778.dll
ShellExecuteHooks-{32729D3D-75A4-465B-BB2F-68E136E9E75C} - c:\windows\system32\32729D3D.dll
ShellExecuteHooks-{4F347056-06EF-4AF1-ABEE-685A005A34EE} - c:\windows\system32\4F347056.dll
ShellExecuteHooks-{67C41A85-38B6-4BA7-8EFD-369660EE8812} - c:\windows\system32\67C41A85.dll
ShellExecuteHooks-{4DA55BB5-3E31-4C21-9490-2195530057E6} - c:\windows\system32\4DA55BB5.dll
ShellExecuteHooks-{A1F96EBA-53F7-48AD-9318-9568BD592B60} - c:\windows\system32\A1F96EBA.dll
ShellExecuteHooks-{199C3329-CD6D-42AC-AC2B-E38FD8122E36} - c:\windows\system32\199C3329.dll
ShellExecuteHooks-{2CCD7654-1421-4E63-AF9F-4094389663B8} - c:\windows\system32\2CCD7654.dll
ShellExecuteHooks-{77073D2D-C693-4A8B-BD95-068595A08037} - c:\windows\system32\77073D2D.dll
ShellExecuteHooks-{05C656CA-8EE7-4CD9-80C9-A77E8ABDB003} - c:\windows\system32\05C656CA.dll
ShellExecuteHooks-{87F04417-8290-436B-AE2B-102C8C104F4E} - c:\windows\system32\87F04417.dll
ShellExecuteHooks-{F4D33A39-7922-48FB-BEB9-A10F5AE268C5} - c:\windows\system32\F4D33A39.dll
ShellExecuteHooks-{A07DA569-EA60-4B27-B6A4-605003EA5EDB} - c:\windows\system32\A07DA569.dll
ShellExecuteHooks-{AB7511D7-CC52-443A-B720-27BE5F958CCD} - c:\windows\system32\AB7511D7.dll
ShellExecuteHooks-{793146B5-FDC4-43D7-B1CF-EDB1B3BC841E} - c:\windows\system32\793146B5.dll
ShellExecuteHooks-{440C4E72-8580-47D5-B604-C88E38D627F5} - c:\windows\system32\440C4E72.dll
ShellExecuteHooks-{F0926B46-5362-4CC0-8320-18223640556D} - c:\windows\system32\F0926B46.dll
ShellExecuteHooks-{FCA50F61-7554-425F-B6F2-9A80E51AABDC} - c:\windows\system32\FCA50F61.dll
ShellExecuteHooks-{95D63313-F25F-424F-A61E-7D5B96837E9A} - c:\windows\system32\95D63313.dll
ShellExecuteHooks-{798E4F1A-63CA-4A5E-975A-06B59AC08106} - c:\windows\system32\798E4F1A.dll
ShellExecuteHooks-{0EEFB5F6-DE92-4519-AAFC-4822A2949443} - c:\windows\system32\0EEFB5F6.dll
SSODL-5B099C6A-{5B099C6A-A846-4719-90F7-02449FA79B54} - c:\windows\system32\5B099C6A.dll
SSODL-1FE7E361-{1FE7E361-ED93-4ACB-92E2-D683223C817A} - c:\windows\system32\1FE7E361.dll
SSODL-9F1FEBCC-{9F1FEBCC-D5D4-47DC-B221-E1F42C5620CC} - c:\windows\system32\9F1FEBCC.dll
SSODL-C6F6B780-{C6F6B780-061B-4237-9364-61ED228BC11B} - c:\windows\system32\C6F6B780.dll
SSODL-C9BA3E1A-{C9BA3E1A-D040-48F0-949F-C158E8D62AED} - c:\windows\system32\C9BA3E1A.dll
SSODL-E1A5A48F-{E1A5A48F-2742-42E8-B7A7-BBB5D57EF93C} - c:\windows\system32\E1A5A48F.dll
SSODL-D4B844A0-{D4B844A0-2ABC-4268-80C3-FE4F0AF15804} - c:\windows\system32\D4B844A0.dll
SSODL-D53819B4-{D53819B4-AD4A-4163-A224-0AB4422483D3} - c:\windows\system32\D53819B4.dll
SSODL-F7885EE1-{F7885EE1-EACB-443F-B720-83977E48980A} - c:\windows\system32\F7885EE1.dll
SSODL-D9F46778-{D9F46778-5BA7-447D-8088-EAE6C1080606} - c:\windows\system32\D9F46778.dll
SSODL-32729D3D-{32729D3D-75A4-465B-BB2F-68E136E9E75C} - c:\windows\system32\32729D3D.dll
SSODL-4F347056-{4F347056-06EF-4AF1-ABEE-685A005A34EE} - c:\windows\system32\4F347056.dll
SSODL-67C41A85-{67C41A85-38B6-4BA7-8EFD-369660EE8812} - c:\windows\system32\67C41A85.dll
SSODL-4DA55BB5-{4DA55BB5-3E31-4C21-9490-2195530057E6} - c:\windows\system32\4DA55BB5.dll
SSODL-A1F96EBA-{A1F96EBA-53F7-48AD-9318-9568BD592B60} - c:\windows\system32\A1F96EBA.dll
SSODL-199C3329-{199C3329-CD6D-42AC-AC2B-E38FD8122E36} - c:\windows\system32\199C3329.dll
SSODL-2CCD7654-{2CCD7654-1421-4E63-AF9F-4094389663B8} - c:\windows\system32\2CCD7654.dll
SSODL-77073D2D-{77073D2D-C693-4A8B-BD95-068595A08037} - c:\windows\system32\77073D2D.dll
SSODL-05C656CA-{05C656CA-8EE7-4CD9-80C9-A77E8ABDB003} - c:\windows\system32\05C656CA.dll
SSODL-87F04417-{87F04417-8290-436B-AE2B-102C8C104F4E} - c:\windows\system32\87F04417.dll
SSODL-F4D33A39-{F4D33A39-7922-48FB-BEB9-A10F5AE268C5} - c:\windows\system32\F4D33A39.dll
SSODL-A07DA569-{A07DA569-EA60-4B27-B6A4-605003EA5EDB} - c:\windows\system32\A07DA569.dll
SSODL-AB7511D7-{AB7511D7-CC52-443A-B720-27BE5F958CCD} - c:\windows\system32\AB7511D7.dll
SSODL-793146B5-{793146B5-FDC4-43D7-B1CF-EDB1B3BC841E} - c:\windows\system32\793146B5.dll
SSODL-440C4E72-{440C4E72-8580-47D5-B604-C88E38D627F5} - c:\windows\system32\440C4E72.dll
SSODL-F0926B46-{F0926B46-5362-4CC0-8320-18223640556D} - c:\windows\system32\F0926B46.dll
SSODL-FCA50F61-{FCA50F61-7554-425F-B6F2-9A80E51AABDC} - c:\windows\system32\FCA50F61.dll
SSODL-95D63313-{95D63313-F25F-424F-A61E-7D5B96837E9A} - c:\windows\system32\95D63313.dll
SSODL-798E4F1A-{798E4F1A-63CA-4A5E-975A-06B59AC08106} - c:\windows\system32\798E4F1A.dll
SSODL-0EEFB5F6-{0EEFB5F6-DE92-4519-AAFC-4822A2949443} - c:\windows\system32\0EEFB5F6.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Nguyen\Start Menu\Programs\IMVU\Run IMVU.lnk

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
FF - ProfilePath - c:\documents and settings\Nguyen\Application Data\Mozilla\Firefox\Profiles\1qtbtvno.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 20:31:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2009-01-04 20:36:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 19:36:23
ComboFix2.txt 2008-05-20 10:46:54

Pre-Run: 2.074.882.048 bytes free
Post-Run: 2,074,103,808 bytes free

300 --- E O F --- 2008-10-24 07:14:42



And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:38, on 4/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Alcatel Speedtouch Connection (2).lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nguyen\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://liezj1987.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{465DA6C4-6D5C-4F0D-8DE4-5D48525FABFB}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6169 bytes


Thx!

Du-toube

Legacy Member
Hey!

Everything seems to be working fine again!

Many thanks for your help! Nice to know there are people willing to go to all that trouble. :)

Grtz

Juisterr

Legacy Member
Uninstall ComboFix:
- Go to Start > Run and type ComboFix /u
- Then click 2. and press Enter