Mededeling

**BendeBoy** · 01-01-08, 21:28

Hi Sylvia02,

Ik zie dat je TeaTimer van Spybot op de achtergrond hebt draaien, deze kan in de weg zitten met het fixen van HijackThis-regels. Zet daarom de TeaTimer eventjes uit, dit doe je op de volgende manier:

1. Start Spybot Search and Destroy.
2. Ga naar 'Mode' > selecteer Advanced Mode
3. Ga naar 'Tools' en klik op het Resident-icoon in de lijst
4. Haal het vinkje weg bij Resident TeaTimer en klik OK

5. Download nu [url=http://downloads.subratam.org/ResetTeaTimer.bat]ResetTeaTimer.bat naar je bureaublad. (rechtsklikken -> opslaan als..)
6. Open nu ResetTeaTimer.bat vanaf je bureaublad.

TeaTimer is nu uitgezet en gereset.

Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]Combofix en sla het op je bureaublad op.

Open Combofix.exe en volg de instructies, aanvaard de disclaimer door '1' te typen.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Het is mogelijk dat de PC zichzelf automatisch opnieuw opstart. Wanneer de fix is gedaan en na mogelijk herstart zal een log (combofix.txt) openen. Plaats de inhoud van dit bericht in je volgende reactie samen met een nieuw logje van HijackThis.

- Daniël

**sylvia02** · 01-01-08, 22:43

Hallo Daniel,
Dank voor je reactie. Ik heb gedaan zoals je adviseerde. Bijgaande logjes:
ComboFix 07-12-31.4 - Sylvia 2008-01-01 23:12:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.932 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sylvia\Application Data\macromedia\Flash Player\#SharedObjects\AJ2PBR8G\www.broadcaster.com
C:\Documents and Settings\Sylvia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Sylvia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\acirrqjl.ini
C:\WINDOWS\system32\aluekatu.dll
C:\WINDOWS\system32\cbxwurq.dll
C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\system32\dgjlm.ini2
C:\WINDOWS\system32\dgjlm.tmp
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hoebamxh.dll
C:\WINDOWS\system32\ifkurolq.ini
C:\WINDOWS\system32\kssrnuep.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjnbxwsi.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\rjtdefpg.dll
C:\WINDOWS\system32\sjutvkkh.ini
C:\WINDOWS\system32\sjxwulmd.dll
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini2
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\winccf32.dll
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))
.

2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 14:20 . 2008-01-01 14:20 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-01 14:04 . 2008-01-01 14:04 77,376 --a------ C:\WINDOWS\system32\slmhuvgi.dll
2007-12-30 21:13 . 2007-12-30 21:13 78,400 --a------ C:\WINDOWS\system32\usofxjje.dll
2007-12-29 21:20 . 2007-12-29 21:20 78,912 --a------ C:\WINDOWS\system32\pvncmsef.dll
2007-12-28 21:21 . 2007-12-28 21:21 77,888 --a------ C:\WINDOWS\system32\rrwdocpb.dll
2007-12-28 21:18 . 2007-12-28 21:18 1,031,379 ---hs---- C:\WINDOWS\system32\rxdtjsgm.ini
2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-12-27 21:18 . 2007-12-27 21:18 81,984 --a------ C:\WINDOWS\system32\cusetrjb.dll
2007-12-27 21:15 . 2007-12-28 21:16 1,031,319 ---hs---- C:\WINDOWS\system32\ktqtubrl.ini
2007-12-27 21:15 . 2007-12-27 21:15 1,031,139 ---hs---- C:\WINDOWS\system32\lgbmqupk.ini
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-27 09:00 . 2007-12-27 16:06 1,027,582 ---hs---- C:\WINDOWS\system32\lnwevruc.ini
2007-12-27 08:59 . 2007-12-27 08:59 81,984 --a------ C:\WINDOWS\system32\qwalvdee.dll
2007-12-26 19:03 . 2007-12-27 08:38 1,027,582 ---hs---- C:\WINDOWS\system32\hlehtxom.ini
2007-12-25 09:44 . 2007-12-25 14:33 1,010,086 ---hs---- C:\WINDOWS\system32\dfwhckqp.ini
2007-12-25 09:41 . 2007-12-25 09:41 78,400 --a------ C:\WINDOWS\system32\vikmiwjy.dll
2007-12-24 18:53 . 2007-12-25 09:39 1,010,252 ---hs---- C:\WINDOWS\system32\repwetat.ini
2007-12-24 18:37 . 2008-01-01 23:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 18:37 . 2008-01-01 23:22 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-23 17:48 . 2007-12-24 18:38 1,012,253 ---hs---- C:\WINDOWS\system32\kjdybjue.ini
2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
2007-12-08 11:09 . 2007-12-08 11:30 24 --a------ C:\WINDOWS\system32\sysmwwod.dll
2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax
2007-12-05 16:30 . 2005-05-22 19:08 180,736 --a------ C:\WINDOWS\RCScreen1.scr
2007-12-05 16:30 . 2007-12-05 16:30 67 --a------ C:\WINDOWS\RCScreen1.ini

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 19:40 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 14:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 12:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-25 12:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-20 13:58 --------- d-----w C:\Program Files\Google
2007-12-20 10:34 --------- d-s---w C:\Program Files\Xfire
2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
2004-01-08 13:46 2,185,052 ----a-w C:\Documents and Settings\Sylvia\Wild Divine.exe
2007-07-14 17:18 1,031,587 -csh--w C:\WINDOWS\system32\qstwa.bak2
2007-07-14 17:21 1,032,910 -csh--w C:\WINDOWS\system32\qstwa.ini2
2007-08-11 19:21 650,982 -csh--w C:\WINDOWS\system32\stvwa.bak1
2007-08-11 19:21 650,438 -csh--w C:\WINDOWS\system32\stvwa.bak2
2007-08-11 19:54 6,933 -csh--w C:\WINDOWS\system32\stvwa.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
2008-01-01 14:04 77376 --a------ C:\WINDOWS\system32\slmhuvgi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 11:19 77824]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys

S3 gAGP440p;gAGP440p;C:\DOCUME~1\Jasper\LOCALS~1\Temp\gAGP440p.sys

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-01 19:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
- C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
"2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 23:26:41
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-01 23:30:13 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 22:30:09
.
2007-12-13 21:33:25 --- E O F ---

Hijackthis-log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:01, on 1-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {b7a6801a-6ec5-705a-22d4-0a47d64beb85} - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - C:\WINDOWS\system32\slmhuvgi.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - C:\WINDOWS\system32\ddabx.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9139 bytes

gr.Sylvia

**BendeBoy** · 02-01-08, 15:32

Open een nieuw kladblok bestand.

Kopieer en plak daarin de onderstaande dik gedrukte blauwe tekst.
Ga naar 'Bestand' -> 'Opslaan als..' en sla het vervolgens op je bureaublad op als CFScript.txt.

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]

Files::
C:\WINDOWS\system32\slmhuvgi.dll
C:\WINDOWS\system32\usofxjje.dll
C:\WINDOWS\system32\pvncmsef.dll
C:\WINDOWS\system32\rrwdocpb.dll
C:\WINDOWS\system32\rxdtjsgm.ini
C:\WINDOWS\system32\cusetrjb.dll
C:\WINDOWS\system32\ktqtubrl.ini
C:\WINDOWS\system32\lgbmqupk.ini
C:\WINDOWS\system32\lnwevruc.ini
C:\WINDOWS\system32\qwalvdee.dll
C:\WINDOWS\system32\hlehtxom.ini
C:\WINDOWS\system32\dfwhckqp.ini
C:\WINDOWS\system32\vikmiwjy.dll
C:\WINDOWS\system32\repwetat.ini
C:\WINDOWS\system32\kjdybjue.ini
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.ini2
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\ddabx.dll

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.
Post na herstart de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw logje van HijackThis.

**sylvia02** · 02-01-08, 21:45

Bijgaand de nieuwe logjes:

ComboFix 07-12-31.4 - Sylvia 2008-01-02 22:39:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.925 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sylvia\Bureaublad\CFScript.txt.doc
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))
.

2008-01-02 11:13 . 2008-01-02 11:13 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 14:20 . 2008-01-01 14:20 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-01 14:04 . 2008-01-01 14:04 77,376 --a------ C:\WINDOWS\system32\slmhuvgi.dll
2007-12-30 21:13 . 2007-12-30 21:13 78,400 --a------ C:\WINDOWS\system32\usofxjje.dll
2007-12-29 21:20 . 2007-12-29 21:20 78,912 --a------ C:\WINDOWS\system32\pvncmsef.dll
2007-12-28 21:21 . 2007-12-28 21:21 77,888 --a------ C:\WINDOWS\system32\rrwdocpb.dll
2007-12-28 21:18 . 2007-12-28 21:18 1,031,379 ---hs---- C:\WINDOWS\system32\rxdtjsgm.ini
2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-12-27 21:18 . 2007-12-27 21:18 81,984 --a------ C:\WINDOWS\system32\cusetrjb.dll
2007-12-27 21:15 . 2007-12-28 21:16 1,031,319 ---hs---- C:\WINDOWS\system32\ktqtubrl.ini
2007-12-27 21:15 . 2007-12-27 21:15 1,031,139 ---hs---- C:\WINDOWS\system32\lgbmqupk.ini
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-27 09:00 . 2007-12-27 16:06 1,027,582 ---hs---- C:\WINDOWS\system32\lnwevruc.ini
2007-12-27 08:59 . 2007-12-27 08:59 81,984 --a------ C:\WINDOWS\system32\qwalvdee.dll
2007-12-26 19:03 . 2007-12-27 08:38 1,027,582 ---hs---- C:\WINDOWS\system32\hlehtxom.ini
2007-12-25 09:44 . 2007-12-25 14:33 1,010,086 ---hs---- C:\WINDOWS\system32\dfwhckqp.ini
2007-12-25 09:41 . 2007-12-25 09:41 78,400 --a------ C:\WINDOWS\system32\vikmiwjy.dll
2007-12-24 18:53 . 2007-12-25 09:39 1,010,252 ---hs---- C:\WINDOWS\system32\repwetat.ini
2007-12-24 18:37 . 2008-01-02 22:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 18:37 . 2008-01-01 23:22 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-23 17:48 . 2007-12-24 18:38 1,012,253 ---hs---- C:\WINDOWS\system32\kjdybjue.ini
2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
2007-12-08 11:09 . 2007-12-08 11:30 24 --a------ C:\WINDOWS\system32\sysmwwod.dll
2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax
2007-12-05 16:30 . 2005-05-22 19:08 180,736 --a------ C:\WINDOWS\RCScreen1.scr
2007-12-05 16:30 . 2007-12-05 16:30 67 --a------ C:\WINDOWS\RCScreen1.ini

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-02 19:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-02 19:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-02 18:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 09:58 --------- d-s---w C:\Program Files\Xfire
2008-01-02 09:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-20 13:58 --------- d-----w C:\Program Files\Google
2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2004-01-08 13:46 2,185,052 ----a-w C:\Documents and Settings\Sylvia\Wild Divine.exe
2007-07-14 17:18 1,031,587 -csh--w C:\WINDOWS\system32\qstwa.bak2
2007-07-14 17:21 1,032,910 -csh--w C:\WINDOWS\system32\qstwa.ini2
2007-08-11 19:21 650,982 -csh--w C:\WINDOWS\system32\stvwa.bak1
2007-08-11 19:21 650,438 -csh--w C:\WINDOWS\system32\stvwa.bak2
2007-08-11 19:54 6,933 -csh--w C:\WINDOWS\system32\stvwa.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_23.29.52.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 09:22:27 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
2008-01-01 14:04 77376 --a------ C:\WINDOWS\system32\slmhuvgi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 11:19 77824]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys

S3 gAGP440p;gAGP440p;C:\DOCUME~1\Jasper\LOCALS~1\Temp\gAGP440p.sys

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

*Newly Created Service* - PNKBSTRK
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-02 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
- C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
"2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 22:43:36
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-02 22:44:17
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 21:44:12
C:\qoobox\ComboFix2.txt 2008-01-01 22:30:13
.
2007-12-13 21:33:25 --- E O F ---

en highjackthislog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:30, on 2-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {b7a6801a-6ec5-705a-22d4-0a47d64beb85} - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - C:\WINDOWS\system32\slmhuvgi.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - C:\WINDOWS\system32\ddabx.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-1190067832-492260076-881494414-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jurrien')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9217 bytes

gr.Sylvia

**BendeBoy** · 02-01-08, 21:53

Er is iets mis gegaan, download de bijlage eens naar je bureaublad en doe het onderstaande

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.
Post na herstart de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw logje van HijackThis.[/QUOTE]

Bijgevoegde Bestanden

CFScript.txt (894 Bytes, 109 keer bekeken)

**sylvia02** · 03-01-08, 22:38

Bijgaand nieuwe logjes:

ComboFix 07-12-31.4 - Sylvia 2008-01-03 23:34:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.904 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sylvia\Bureaublad\CFScript[1] Ben.txt
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))
.

2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 14:20 . 2008-01-01 14:20 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-01 14:04 . 2008-01-01 14:04 77,376 --a------ C:\WINDOWS\system32\slmhuvgi.dll
2007-12-30 21:13 . 2007-12-30 21:13 78,400 --a------ C:\WINDOWS\system32\usofxjje.dll
2007-12-29 21:20 . 2007-12-29 21:20 78,912 --a------ C:\WINDOWS\system32\pvncmsef.dll
2007-12-28 21:21 . 2007-12-28 21:21 77,888 --a------ C:\WINDOWS\system32\rrwdocpb.dll
2007-12-28 21:18 . 2007-12-28 21:18 1,031,379 ---hs---- C:\WINDOWS\system32\rxdtjsgm.ini
2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-12-27 21:18 . 2007-12-27 21:18 81,984 --a------ C:\WINDOWS\system32\cusetrjb.dll
2007-12-27 21:15 . 2007-12-28 21:16 1,031,319 ---hs---- C:\WINDOWS\system32\ktqtubrl.ini
2007-12-27 21:15 . 2007-12-27 21:15 1,031,139 ---hs---- C:\WINDOWS\system32\lgbmqupk.ini
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-27 09:00 . 2007-12-27 16:06 1,027,582 ---hs---- C:\WINDOWS\system32\lnwevruc.ini
2007-12-27 08:59 . 2007-12-27 08:59 81,984 --a------ C:\WINDOWS\system32\qwalvdee.dll
2007-12-26 19:03 . 2007-12-27 08:38 1,027,582 ---hs---- C:\WINDOWS\system32\hlehtxom.ini
2007-12-25 09:44 . 2007-12-25 14:33 1,010,086 ---hs---- C:\WINDOWS\system32\dfwhckqp.ini
2007-12-25 09:41 . 2007-12-25 09:41 78,400 --a------ C:\WINDOWS\system32\vikmiwjy.dll
2007-12-24 18:53 . 2007-12-25 09:39 1,010,252 ---hs---- C:\WINDOWS\system32\repwetat.ini
2007-12-24 18:37 . 2008-01-03 23:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 18:37 . 2008-01-01 23:22 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-23 17:48 . 2007-12-24 18:38 1,012,253 ---hs---- C:\WINDOWS\system32\kjdybjue.ini
2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
2007-12-08 11:09 . 2007-12-08 11:30 24 --a------ C:\WINDOWS\system32\sysmwwod.dll
2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax
2007-12-05 16:30 . 2005-05-22 19:08 180,736 --a------ C:\WINDOWS\RCScreen1.scr
2007-12-05 16:30 . 2007-12-05 16:30 67 --a------ C:\WINDOWS\RCScreen1.ini

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-03 18:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-03 18:55 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-03 18:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 09:58 --------- d-s---w C:\Program Files\Xfire
2008-01-02 09:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-20 13:58 --------- d-----w C:\Program Files\Google
2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
2007-10-30 10:14 3,086,848 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:10 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:10 669,184 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:10 619,520 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:10 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:10 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:10 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:10 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:10 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:10 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:10 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:10 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:10 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:10 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:10 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:10 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:10 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2004-01-08 13:46 2,185,052 ----a-w C:\Documents and Settings\Sylvia\Wild Divine.exe
2007-07-14 17:18 1,031,587 -csh--w C:\WINDOWS\system32\qstwa.bak2
2007-07-14 17:21 1,032,910 -csh--w C:\WINDOWS\system32\qstwa.ini2
2007-08-11 19:21 650,982 -csh--w C:\WINDOWS\system32\stvwa.bak1
2007-08-11 19:21 650,438 -csh--w C:\WINDOWS\system32\stvwa.bak2
2007-08-11 19:54 6,933 -csh--w C:\WINDOWS\system32\stvwa.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_23.29.52.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-15 08:14:17 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 06:10:13 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-15 08:14:17 151,552 -c--a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-10-11 06:10:13 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-06-15 08:14:17 1,057,280 -c--a-w C:\WINDOWS\system32\danim.dll
+ 2007-10-11 06:10:15 1,057,280 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-06-15 08:14:17 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-10-11 06:10:15 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-15 08:14:17 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-11 06:10:15 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-15 08:14:17 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-11 06:10:15 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-12-04 15:08:21 309,192 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-03 15:44:01 309,992 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-04 15:10:45 86,488 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
+ 2008-01-03 16:17:47 86,872 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
- 2007-06-15 08:14:17 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-10-11 06:10:15 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-06-15 08:14:17 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-10-11 06:10:15 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:41:41 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:29:20 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-06-15 08:14:17 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-11 06:10:15 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-06-15 08:14:18 3,085,312 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 10:14:15 3,086,848 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-15 08:14:18 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-11 06:10:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-15 08:14:18 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-11 06:10:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-15 08:14:18 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-11 06:10:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-06-15 08:14:18 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-10-11 06:10:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-06-15 08:14:18 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-10-11 06:10:22 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-06-15 08:14:18 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-10-11 06:10:22 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-06-15 08:14:18 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-11 06:10:23 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-26 14:53:35 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-11 06:10:24 669,184 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
2008-01-01 14:04 77376 --a------ C:\WINDOWS\system32\slmhuvgi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 11:19 77824]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys

S3 gAGP440p;gAGP440p;C:\DOCUME~1\Jasper\LOCALS~1\Temp\gAGP440p.sys

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

*Newly Created Service* - PNKBSTRK
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-03 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
- C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
"2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 23:36:27
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-03 23:37:06
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-03 22:37:02
C:\qoobox\ComboFix2.txt 2008-01-02 21:44:18
C:\qoobox\ComboFix3.txt 2008-01-01 22:30:13
.
2008-01-02 22:21:53 --- E O F ---

en highjackthis-log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:15, on 3-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {b7a6801a-6ec5-705a-22d4-0a47d64beb85} - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - C:\WINDOWS\system32\slmhuvgi.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - C:\WINDOWS\system32\ddabx.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9001 bytes

gr.Sylvia

**BendeBoy** · 04-01-08, 14:06

Lukt nog steeds niet goed..
Je hebt hem "CFScript[1] Ben.txt" genoemd.. hij moet "CFScript.txt" heten...

**sylvia02** · 04-01-08, 22:43

herkansing.....

ComboFix 07-12-31.4 - Sylvia 2008-01-04 23:37:58.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.940 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sylvia\Bureaublad\CFScript.txt.doc
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))
.

2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 14:20 . 2008-01-01 14:20 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-01 14:04 . 2008-01-01 14:04 77,376 --a------ C:\WINDOWS\system32\slmhuvgi.dll
2007-12-30 21:13 . 2007-12-30 21:13 78,400 --a------ C:\WINDOWS\system32\usofxjje.dll
2007-12-29 21:20 . 2007-12-29 21:20 78,912 --a------ C:\WINDOWS\system32\pvncmsef.dll
2007-12-28 21:21 . 2007-12-28 21:21 77,888 --a------ C:\WINDOWS\system32\rrwdocpb.dll
2007-12-28 21:18 . 2007-12-28 21:18 1,031,379 ---hs---- C:\WINDOWS\system32\rxdtjsgm.ini
2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-12-27 21:18 . 2007-12-27 21:18 81,984 --a------ C:\WINDOWS\system32\cusetrjb.dll
2007-12-27 21:15 . 2007-12-28 21:16 1,031,319 ---hs---- C:\WINDOWS\system32\ktqtubrl.ini
2007-12-27 21:15 . 2007-12-27 21:15 1,031,139 ---hs---- C:\WINDOWS\system32\lgbmqupk.ini
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-27 09:00 . 2007-12-27 16:06 1,027,582 ---hs---- C:\WINDOWS\system32\lnwevruc.ini
2007-12-27 08:59 . 2007-12-27 08:59 81,984 --a------ C:\WINDOWS\system32\qwalvdee.dll
2007-12-26 19:03 . 2007-12-27 08:38 1,027,582 ---hs---- C:\WINDOWS\system32\hlehtxom.ini
2007-12-25 09:44 . 2007-12-25 14:33 1,010,086 ---hs---- C:\WINDOWS\system32\dfwhckqp.ini
2007-12-25 09:41 . 2007-12-25 09:41 78,400 --a------ C:\WINDOWS\system32\vikmiwjy.dll
2007-12-24 18:53 . 2007-12-25 09:39 1,010,252 ---hs---- C:\WINDOWS\system32\repwetat.ini
2007-12-24 18:37 . 2008-01-04 21:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 18:37 . 2008-01-01 23:22 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-23 17:48 . 2007-12-24 18:38 1,012,253 ---hs---- C:\WINDOWS\system32\kjdybjue.ini
2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
2007-12-08 11:09 . 2007-12-08 11:30 24 --a------ C:\WINDOWS\system32\sysmwwod.dll
2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax
2007-12-05 16:30 . 2005-05-22 19:08 180,736 --a------ C:\WINDOWS\RCScreen1.scr
2007-12-05 16:30 . 2007-12-05 16:30 67 --a------ C:\WINDOWS\RCScreen1.ini

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-04 19:33 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-04 19:33 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-04 14:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-04 12:03 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Xfire
2008-01-04 09:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-02 09:58 --------- d-s---w C:\Program Files\Xfire
2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-20 13:58 --------- d-----w C:\Program Files\Google
2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
2007-10-30 10:14 3,086,848 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:10 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:10 669,184 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:10 619,520 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:10 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:10 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:10 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:10 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:10 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:10 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:10 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:10 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:10 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:10 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:10 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:10 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:10 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2004-01-08 13:46 2,185,052 ----a-w C:\Documents and Settings\Sylvia\Wild Divine.exe
2007-07-14 17:18 1,031,587 -csh--w C:\WINDOWS\system32\qstwa.bak2
2007-07-14 17:21 1,032,910 -csh--w C:\WINDOWS\system32\qstwa.ini2
2007-08-11 19:21 650,982 -csh--w C:\WINDOWS\system32\stvwa.bak1
2007-08-11 19:21 650,438 -csh--w C:\WINDOWS\system32\stvwa.bak2
2007-08-11 19:54 6,933 -csh--w C:\WINDOWS\system32\stvwa.ini2
.

((((((((((((((((((((((((((((( snapshot_2008-01-03_23.36.42,56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-03 16:17:47 86,872 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
+ 2008-01-04 20:25:24 8,224 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
+ 2008-01-04 08:56:33 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_784.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
2008-01-01 14:04 77376 --a------ C:\WINDOWS\system32\slmhuvgi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 11:19 77824]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys

S3 gAGP440p;gAGP440p;C:\DOCUME~1\Jasper\LOCALS~1\Temp\gAGP440p.sys

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

*Newly Created Service* - PNKBSTRK
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-04 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
- C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
"2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 23:40:22
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-04 23:40:58
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 22:40:55
C:\qoobox\ComboFix2.txt 2008-01-03 22:37:07
C:\qoobox\ComboFix3.txt 2008-01-02 21:44:18
C:\qoobox\ComboFix4.txt 2008-01-01 22:30:13
.
2008-01-03 22:42:14 --- E O F ---

Highjack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:38, on 4-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {b7a6801a-6ec5-705a-22d4-0a47d64beb85} - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - C:\WINDOWS\system32\slmhuvgi.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - C:\WINDOWS\system32\ddabx.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-1190067832-492260076-881494414-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jasper')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9050 bytes

gr.Sylvia

**BendeBoy** · 04-01-08, 23:53

Hallo Sylvia,

Laten we het eventjes iets anders proberen:

1. Open Deze Computer en kies Extra -> Mapopties.
Controleer onder Weergave de volgende instellingen:

Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen)
Uitzetten: Extensies voor bekende bestandstypen verbergen

Druk daarna op Toepassen gevolgd door Ok.

2. Dubbelklik op de bijlage en sla het op je bureaublad op. Controleer of het PRECIES deze naam heeft: CFScript.txt - zo niet pas deze dan aub eventjes aan.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.
Post na herstart de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw logje van HijackThis.

Bijgevoegde Bestanden

CFScript.txt (1,0 KB, 120 keer bekeken)

**sylvia02** · 06-01-08, 20:14

Oke, komt e.e.a. nog een keer

(terwijl ik dit uitvoerde kwamen er steeds meldingen in beeld van toepassingsfouten: regedit.exe en swreg.cfexe en regt.cfexe. Zegt jou dit iets?)

ComboFix 07-12-31.4 - Sylvia 2008-01-06 21:08:36.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1049 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
.

2008-01-06 16:33 . 2008-01-06 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-24 18:37 . 2008-01-06 16:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 18:37 . 2008-01-06 16:32 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-06 19:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 18:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-06 18:23 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-06 15:39 --------- d-----w C:\Program Files\QuickTime
2008-01-04 12:03 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Xfire
2008-01-04 09:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-02 09:58 --------- d-s---w C:\Program Files\Xfire
2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-20 13:58 --------- d-----w C:\Program Files\Google
2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
2007-10-31 03:57 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:10 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:10 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:10 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:10 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:54 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:53 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:53 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:53 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:53 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:53 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:53 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:53 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 12:00 399360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-06 15:32:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-06 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
- C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
"2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 21:10:24
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-06 21:11:03
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-06 20:11:00
C:\qoobox\ComboFix2.txt 2008-01-06 20:06:46
C:\qoobox\ComboFix3.txt 2008-01-04 22:40:59
C:\qoobox\ComboFix4.txt 2008-01-03 22:37:07
C:\qoobox\ComboFix5.txt 2008-01-02 21:44:18
.
2008-01-03 22:42:14 --- E O F ---

highjack-log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:28, on 6-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8991 bytes

gr.Sylvia

**BendeBoy** · 06-01-08, 22:44

Goedzo! Het lijkt te zijn gelukt!

Trek van die foutmeldingen maar even niets aan, het schijnt gelukt te zijn... Laten we nog eventjes een extra scan uitvoeren met Dr.Web... Volg de onderstaande instructies zorgvuldig...

Download Dr.Web CureIt en sla het op je bureaublad op.

Dubbelklik drweb-cureit.exe en sta het toe om te express scan te starten.
Indien er een popup verschijnt met het voorstel tot kopen/50% korting mag je deze sluiten.
De express scan zal de bestanden scannen die momenteel in het geheugen geladen zijn. Wanneer er iets gevonden wordt klik op 'alles selecteren' kies nu voor 'repareren' en uit het kleine menutje dat verschijnt kies je 'verplaatsen'.
Kies bovenaan in het menu voor Language/Taal en wijzig deze naar Dutch (Nederlands) indien deze bij jou anders staat ingesteld.
Druk op F9, kies daarna voor het tabblad Acties en stel daar het volgende in onder Malware:
- Adware: Verplaats
- Dialers: Verplaats
- Jokes: Rapportage
- Riskware: Rapportage
- Hacktools: Verplaats
- Haal dan het vinkje weg bij 'Prompt bij actie'.
Kies daarna voor het tabblad Scan en verwijder het vinkje bij Heuristische analyse.
Druk vervolgens op Toepassen gevolgd door OK.
Eenmaal als de korte scan is beëindigd vink je aan: Volledige scan.
Druk daarna op het groene pijltje (start knop) om de scan te starten.
Gevonden bestanden worden naar '%USERPROFILE%\DocterWeb\Quarantine' -map verplaatst indien het herstellen niet mogelijk is.
Nadat de scan gedaan is ga dan naar Bestand en kies Rapportage lijst opslaan.
Bewaar deze op je bureaublad en sluit daarna Dr.Web CureIt.
Herstart vervolgens de computer!! Dit is een belangrijke stap want het kan zijn dat Dr.Web CureIt bestanden zal verplaatsen/verwijderen tijdens herstart.
Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

- Daniël

**sylvia02** · 10-01-08, 19:32

Dank! PC loopt een stuk beter. Cure-it leverde al niets meer op.
Bijgaand highjack-log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:57, on 10-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Teamspeak RC2.lnk = C:\Games\Teamspeak2_RC2\TeamSpeak.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9980 bytes

PS Mijn Norton abonnement loopt binnenkort af. Heb je nog een goeie tip voor een gratis virusscanner om te downloaden??

gr.Sylvia

**BendeBoy** · 19-01-08, 23:48

Hallo Sylvia,

Zoals ik het zie heb je al een andere gratis virusscanner, namelijk AVG

Zal je nog eventjes een logje van ComboFix willen maken?

- Daniël

**sylvia02** · 20-01-08, 10:45

Hallo Daniel,

Komt de Combo-log:
ComboFix 08-01-20.1 - Sylvia 2008-01-20 11:37:59.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.801 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
.

2008-01-20 11:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 13:51 . 2008-01-18 13:51 <DIR> d-------- C:\Program Files\Navman
2008-01-14 19:53 . 1999-04-23 22:22 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL
2008-01-13 19:17 . 2008-01-13 19:37 <DIR> d-------- C:\Program Files\Wild Divine
2008-01-13 17:27 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-01-13 12:19 . 2008-01-13 12:34 331 --a------ C:\WINDOWS\CoDUO.INI
2008-01-13 11:21 . 2008-01-13 12:16 733 --a------ C:\WINDOWS\CoD.INI
2008-01-12 21:19 . 2008-01-12 21:19 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-11 01:29 . 2008-01-11 01:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-09 22:08 . 2008-01-20 11:13 <DIR> d-------- C:\Documents and Settings\Sylvia\Application Data\AVG7
2008-01-09 22:08 . 2008-01-09 22:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-09 22:07 . 2008-01-09 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-09 22:07 . 2008-01-09 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-09 20:45 . 2008-01-09 20:45 <DIR> d-------- C:\Documents and Settings\Sylvia\Application Data\teamspeak2
2008-01-07 19:12 . 2008-01-07 19:12 <DIR> d-------- C:\Program Files\Recuva
2008-01-07 18:43 . 2008-01-07 18:43 <DIR> d-------- C:\Restoration
2008-01-07 18:40 . 2008-01-07 18:40 <DIR> d-------- C:\Program Files\Eden Studios
2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 10:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-18 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-18 16:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-18 16:01 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-18 12:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 13:37 --------- d-----w C:\Program Files\Fraps
2008-01-17 12:14 --------- d-s---w C:\Program Files\Xfire
2008-01-15 14:01 221,184 -c--a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-15 12:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-14 21:28 --------- d-----w C:\Program Files\Wisdom Quest
2008-01-13 16:27 --------- d-----w C:\Program Files\QuickTime
2008-01-04 12:03 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Xfire
2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-20 13:58 --------- d-----w C:\Program Files\Google
2007-12-17 19:28 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
2007-12-12 14:41 --------- d-----w C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
2007-12-10 11:57 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
2007-12-09 18:58 --------- d-----w C:\Program Files\Game Cam v1.4
2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
2007-12-08 10:03 --------- d-----w C:\Program Files\4Musics OGG to WAV Converter
2007-12-08 08:59 --------- d-----w C:\Program Files\Video Jasper
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:30 727,040 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 03:57 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-10 20:00 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-13 17:27 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-09 22:07 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Teamspeak RC2.lnk - C:\Games\Teamspeak2_RC2\TeamSpeak.exe [2003-08-29 15:13:04 1436160]

R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys

S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-10 06:51:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-19 11:00:04 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-01-14 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 11:39:36
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-20 11:40:15
ComboFix-quarantined-files.txt 2008-01-20 10:40:12
ComboFix2.txt 2008-01-20 10:36:06
ComboFix3.txt 2008-01-08 22:36:03
.
2008-01-19 18:51:58 --- E O F ---

Verder heb ik nog een vraag:
er staat op mijn bureaublad een logje van cure-it, maar die kan ik niet verwijderen. Er komt steeds in beeld dat het door iemand anders of een programma in gebruik is. Dit terwijl er verder NIETS openstaat. Hoe krijg ik het weg?

Is AVG een betrouwbare virusscanner in jullie ogen?

m.vr.gr.Sylvia

Mededeling

Trojan.vundo - trojan.adclicker - Trage PC

Trojan.vundo - trojan.adclicker - Trage PC

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment