tr/drop.agentdgo.8

  • tr/drop.agentdgo.8

    Hi,

    There is a virus on his PC, I think it is "tr/drop.agentdgo.8".
    Everything I open seems to get damaged; according to him the virus scanner was switched off automatically and it no longer starts either.
    Log attached.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:36:48, on 16-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Documents and Settings\Windows\Bureaublad\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3575DCB9-152B-41DD-8318-5DB20A886961} - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A1C77420-D2AF-4A94-88DA-77CE0C551BED} - C:\WINDOWS\system32\awtsrsq.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Documents and Settings\Windows\Bureaublad\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NTSecurity] NTSecurity.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Toevoegen aan &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179410470535
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179427062265
    O20 - Winlogon Notify: awtsrsq - C:\WINDOWS\SYSTEM32\awtsrsq.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - VIA Technologies, Inc. - (no file)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (file missing)
    O23 - Service: Messenger USN Journal Reader service voor Gedeelde mappen (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    --
    End of file - 10254 bytes

    Thanks in advance, regards, Peter

  • #2
    Hello Peter,

    Close all open windows.
    Start HijackThis once more and tick the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {3575DCB9-152B-41DD-8318-5DB20A886961} - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O2 - BHO: (no name) - {A1C77420-D2AF-4A94-88DA-77CE0C551BED} - C:\WINDOWS\system32\awtsrsq.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKCU\..\Policies\Explorer\Run: [NTSecurity] NTSecurity.exe
    O20 - Winlogon Notify: awtsrsq - C:\WINDOWS\SYSTEM32\awtsrsq.dll


    Then click "Fix checked" and close HijackThis.


    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the screen that appears, type 1 to run the cleaning and analysis process.
    Follow the on-screen instructions.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.


    • #3
      Hi Marckie,
      thanks for the quick reply.

      ComboFix 08-01-09.2 - Windows 2008-01-17 11:22:56.9 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.152 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix (3).exe
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))
      .

      2008-01-13 22:01 . 2008-01-13 22:01 3,584 --a------ C:\WINDOWS\system32\ddaya.exe
      2008-01-13 21:11 . 2008-01-13 21:11 3,584 --a------ C:\WINDOWS\system32\pmkji.exe
      2008-01-13 19:14 . 2008-01-16 16:26 <DIR> d-------- C:\Documents and Settings\Windows\DoctorWeb
      2008-01-13 16:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-12 20:46 . 2008-01-12 20:51 <DIR> d-------- C:\Program Files\Fx Video Converter
      2008-01-12 20:46 . 2001-03-13 12:50 525,352 --a------ C:\WINDOWS\system32\dbgrid32.ocx
      2008-01-12 20:46 . 2001-08-17 12:18 508,928 --a------ C:\WINDOWS\system32\msde.dll
      2008-01-12 20:46 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
      2008-01-12 20:46 . 1998-07-29 14:08 363,008 --a------ C:\WINDOWS\system32\BUYB12.dll
      2008-01-12 20:46 . 2001-03-13 12:53 77,824 --a------ C:\WINDOWS\system32\msbind.dll
      2008-01-12 20:46 . 1998-07-29 14:08 46,592 --a------ C:\WINDOWS\system32\buyb12ex.dll
      2008-01-12 20:46 . 2003-08-04 00:34 40,960 --a------ C:\WINDOWS\system32\FXDV1to2.dll
      2008-01-12 20:46 . 2003-03-06 10:43 36,864 --a------ C:\WINDOWS\system32\FxPanel.ocx
      2008-01-12 20:46 . 1998-07-29 14:08 28,160 --a------ C:\WINDOWS\system32\BuyB12Ax.ocx
      2008-01-12 20:31 . 2008-01-12 21:18 <DIR> d-------- C:\Program Files\Free FLV Converter
      2008-01-12 20:31 . 2005-05-14 20:09 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
      2008-01-12 20:31 . 2006-07-11 18:06 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
      2008-01-12 20:31 . 2006-07-11 18:06 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
      2008-01-12 20:31 . 2007-06-18 23:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
      2008-01-12 20:31 . 2005-10-13 13:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
      2008-01-12 20:31 . 2004-03-09 00:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
      2008-01-12 20:31 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
      2008-01-12 20:31 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
      2008-01-12 20:31 . 1998-07-13 00:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
      2008-01-12 20:05 . 2008-01-12 20:05 <DIR> d-------- C:\Program Files\CA
      2008-01-12 20:05 . 2008-01-12 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
      2008-01-12 19:54 . 2008-01-12 20:08 <DIR> d-------- C:\Program Files\Enigma Software Group
      2008-01-12 16:22 . 2008-01-12 16:22 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\ESET
      2008-01-12 15:51 . 2008-01-13 16:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\U3
      2008-01-12 15:28 . 2008-01-16 16:38 <DIR> d--hs---- C:\Documents and Settings\Windows\Onlangs geopend
      2008-01-10 16:03 . 2008-01-10 16:07 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-01-10 15:41 . 2008-01-13 17:56 4,602 --a------ C:\WINDOWS\wininit.ini
      2008-01-10 15:25 . 2008-01-12 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-01-09 21:08 . 2008-01-09 21:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\AVG7
      2008-01-09 21:08 . 2008-01-09 21:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-01-09 21:07 . 2008-01-09 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-01-09 21:07 . 2008-01-12 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
      2008-01-09 19:10 . 2008-01-09 19:10 39,424 --a------ C:\WINDOWS\system32\awtsrsq.dll
      2008-01-09 19:04 . 2008-01-09 19:04 118 --a------ C:\WINDOWS\system32\MRT.INI
      2008-01-07 21:46 . 2008-01-09 19:35 <DIR> d--hs---- C:\Documents and Settings\Jaimy\Onlangs geopend
      2008-01-06 20:51 . 2008-01-06 20:51 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
      2008-01-05 20:57 . 2008-01-05 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
      2008-01-05 20:56 . 2008-01-12 19:14 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
      2008-01-05 20:19 . 2008-01-13 10:07 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\uTorrent
      2008-01-05 19:55 . 2008-01-05 20:22 <DIR> d-------- C:\Program Files\uTorrent
      2007-12-31 10:50 . 2007-12-31 10:50 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\Lavasoft
      2007-12-30 11:45 . 2007-12-30 11:45 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\vlc
      2007-12-30 11:42 . 2007-12-30 11:42 <DIR> d-------- C:\Program Files\VideoLAN
      2007-12-26 17:01 . 2007-12-26 17:01 <DIR> d-------- C:\Program Files\XviD
      2007-12-26 17:00 . 2005-03-18 01:01 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
      2007-12-26 17:00 . 2005-02-22 03:32 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
      2007-12-26 16:59 . 2005-05-25 01:24 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
      2007-12-26 16:59 . 2005-07-19 03:53 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
      2007-12-26 16:59 . 2005-07-01 04:09 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
      2007-12-26 16:59 . 2005-06-29 02:28 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
      2007-12-26 16:58 . 2005-07-20 23:33 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
      2007-12-26 16:58 . 2005-04-14 05:07 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
      2007-12-26 16:58 . 2005-07-08 04:31 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
      2007-12-26 16:58 . 2005-06-07 04:11 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
      2007-12-26 16:58 . 2005-06-15 06:04 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
      2007-12-26 16:57 . 2007-12-26 16:57 <DIR> d-------- C:\WINDOWS\system32\RMBin
      2007-12-26 16:57 . 2007-12-26 17:00 <DIR> d-------- C:\Program Files\Plato Video Converter
      2007-12-26 16:57 . 2007-03-09 09:36 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
      2007-12-26 16:57 . 2005-05-31 22:16 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
      2007-12-26 16:57 . 2005-11-25 07:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
      2007-12-26 16:57 . 2003-08-07 01:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
      2007-12-26 16:57 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
      2007-12-26 16:57 . 2007-03-09 09:37 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
      2007-12-26 16:57 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
      2007-12-26 16:57 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
      2007-12-25 11:55 . 2007-12-25 11:55 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\PCToolsFirewallPlus
      2007-12-24 18:32 . 2007-12-24 18:32 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\PCToolsFirewallPlus
      2007-12-24 18:30 . 2008-01-16 17:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-24 17:40 . 2007-12-24 18:28 <DIR> d-------- C:\WINDOWS\Internet Logs
      2007-12-24 17:26 . 2008-01-12 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
      2007-12-23 12:41 . 2008-01-17 11:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Orbit
      2007-12-21 08:21 . 2007-12-21 08:21 71,176 --a------ C:\WINDOWS\system32\drivers\epfw.sys
      2007-12-21 08:21 . 2007-12-21 08:21 53,768 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
      2007-12-21 08:21 . 2007-12-21 08:21 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
      2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
      2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
      2007-12-20 19:43 . 2008-01-10 14:08 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\uTorrent

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-16 13:57 --------- d-----w C:\Program Files\Lavasoft
      2008-01-16 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-16 13:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-13 17:07 --------- d-----w C:\Program Files\Windows Live
      2008-01-13 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-13 17:02 --------- d-----w C:\Program Files\Hitman Pro
      2008-01-12 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-01-11 16:25 --------- d-----w C:\Documents and Settings\Windows\Application Data\LimeWire
      2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Windows\Application Data\Azureus
      2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\LimeWire
      2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Azureus
      2008-01-09 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-01-09 20:11 --------- d-----w C:\Program Files\iTunes
      2008-01-09 20:03 --------- d-----w C:\Program Files\Orbitdownloader
      2007-12-24 17:39 --------- d-----w C:\Program Files\MagicISO
      2007-12-24 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
      2007-12-23 10:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-20 19:18 --------- d-----w C:\Documents and Settings\Windows\Application Data\MXPLAY
      2007-12-20 18:05 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\MXPLAY
      2007-12-19 18:46 --------- d-----w C:\Program Files\LimeWire
      2007-12-15 12:32 --------- d-----w C:\Documents and Settings\Windows\Application Data\iolo
      2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2007-12-12 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
      2007-12-10 20:01 --------- d-----w C:\Program Files\Trust
      2007-12-07 17:44 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
      2007-12-07 17:41 --------- d-----w C:\Program Files\VistaBar
      2007-12-04 18:45 --------- d-----w C:\Program Files\TopDesk
      2007-12-04 18:04 2,324,352 ----a-w C:\WINDOWS\system32\TUKernel.exe
      2007-12-04 15:37 --------- d-----w C:\Program Files\Vistart
      2007-12-03 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\MXPLAY
      2007-12-03 18:18 --------- d-----w C:\Program Files\Visualtooltip
      2007-12-03 16:42 --------- d-----w C:\Program Files\Styler
      2007-12-03 16:41 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\ViStart
      2007-12-03 16:20 --------- d-----w C:\Program Files\WinFlip
      2007-12-03 16:20 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Styler
      2007-12-02 13:31 --------- d-----w C:\Documents and Settings\Windows\Application Data\TuneUp Software
      2007-12-02 11:24 --------- d-----w C:\Program Files\DivX
      2007-12-01 10:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2007-11-30 04:56 329,029 ----a-w C:\WINDOWS\system32\viwc.exe
      2007-11-29 17:11 --------- d-----w C:\Program Files\iPod
      2007-11-29 17:07 --------- d-----w C:\Program Files\QuickTime
      2007-11-29 16:14 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\TuneUp Software
      2007-11-29 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
      2007-11-25 19:00 --------- d-----w C:\Program Files\Microsoft Private Folder 1.0
      2007-11-24 15:04 39,424 ----a-w C:\WINDOWS\zipinst.exe
      2007-11-24 14:43 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Microsoft Games
      2007-11-23 17:53 --------- d-----w C:\Program Files\HP
      2007-11-19 14:38 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2007-11-07 09:51 732,160 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
      2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
      .
      ----a-w           437,160 2007-01-09 19:21:18  C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
      ----a-w            15,360 2005-01-09 19:49:12  C:\WINDOWS\system32\ctfmon .exe

      ((((((((((((((((((((((((((((( [email protected]_16.32.45.23 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-01-12 15:22:06 10,134 ----a-r C:\WINDOWS\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}\callmsi.exe
      + 2008-01-14 17:25:41 10,134 ----a-r C:\WINDOWS\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}\callmsi.exe
      - 2008-01-12 15:22:06 140,544 ----a-r C:\WINDOWS\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}\egui.exe
      + 2008-01-14 17:25:41 140,544 ----a-r C:\WINDOWS\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}\egui.exe
      + 2008-01-16 13:57:24 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
      + 2008-01-16 13:57:24 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
      + 2008-01-16 13:57:24 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
      + 2008-01-16 13:57:24 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
      - 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
      + 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
      - 2007-12-31 09:47:55 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
      + 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
      - 2007-12-31 09:47:56 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
      + 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
      - 2008-01-10 15:19:27 63,584 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-01-14 14:15:27 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-01-10 15:19:27 92,210 ----a-w C:\WINDOWS\system32\perfc013.dat
      + 2008-01-14 14:15:27 91,900 ----a-w C:\WINDOWS\system32\perfc013.dat
      - 2008-01-10 15:19:27 404,364 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-01-14 14:15:27 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2008-01-10 15:19:27 494,200 ----a-w C:\WINDOWS\system32\perfh013.dat
      + 2008-01-14 14:15:27 493,906 ----a-w C:\WINDOWS\system32\perfh013.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1C77420-D2AF-4A94-88DA-77CE0C551BED}]
      2008-01-09 19:10 39424 --a------ C:\WINDOWS\system32\awtsrsq.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:03 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "VTTrayp"="VTtrayp.exe" [2005-03-11 03:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
      "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-01-15 23:17 1]
      "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-01-15 23:18 1]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:03 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-09 21:07 219136]
      "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-11-25 12:30:26]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "LockTaskbar"= 0 (0x0)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "LockTaskbar"= 0 (0x0)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
      "{A1C77420-D2AF-4A94-88DA-77CE0C551BED}"= C:\WINDOWS\system32\awtsrsq.dll [2008-01-09 19:10 39424]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrsq]
      awtsrsq.dll 2008-01-09 19:10 39424 C:\WINDOWS\system32\awtsrsq.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
      C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-02-07 16:31 226992 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=wbsys.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
      --a------ 2004-05-12 14:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      --a------ 2004-02-12 12:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      C:\Program Files\MSN Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
      -ra------ 2005-04-26 04:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
      -ra------ 2005-06-20 14:42 77824 C:\WINDOWS\SOUNDMAN.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
      C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
      -ra------ 2005-03-07 13:33 53248 C:\WINDOWS\system32\VTTimer.exe

      R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys [2005-05-09 02:03]
      R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 04:22]
      R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2006-11-14 17:30]
      R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
      R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:03]
      S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da73b261-c11d-11dc-b1e0-0016ec1d6ab1}]
      \Shell\AutoRun\command - K:\LaunchU3.exe -a

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-11 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
      - D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      "2008-01-16 17:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-17 10:32:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-17 11:30:50
      Windows 5.1.2600 Service Pack 2 NTFS

      detected NTDLL code modification:
      ZwQuerySystemInformation

      scannen van verborgen processen ...

      C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [1636]

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-17 11:34:51
      ComboFix-quarantined-files.txt 2008-01-17 10:34:36
      ComboFix2.txt 2008-01-15 22:45:12
      ComboFix3.txt 2008-01-14 15:42:43
      ComboFix4.txt 2008-01-14 15:24:14
      ComboFix5.txt 2008-01-14 15:07:59
      .
      2008-01-13 17:00:47 --- E O F ---


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:19:14, on 17-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wwSecure.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\WINDOWS\system32\VTtrayp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Orbitdownloader\orbitdm.exe
      C:\Program Files\Orbitdownloader\orbitnet.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\Windows\Bureaublad\HiJackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {A1C77420-D2AF-4A94-88DA-77CE0C551BED} - C:\WINDOWS\system32\awtsrsq.dll
      O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
      O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
      O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
      O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
      O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
      O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Toevoegen aan &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
      O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
      O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
      O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179410470535
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179427062265
      O20 - Winlogon Notify: awtsrsq - C:\WINDOWS\SYSTEM32\awtsrsq.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
      O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - VIA Technologies, Inc. - (no file)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
      O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (file missing)
      O23 - Service: Messenger USN Journal Reader service voor Gedeelde mappen (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
      O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

      --
      End of file - 9632 bytes

      Regards, Peter



      • #4
        You are using an old version of ComboFix.
        As I indicated, you need to download the newest version.
        Go to Start - Run and type: ComboFix /u
        Press Enter.
        Then repeat the instructions I gave earlier.



        • #5
          Hi Marckie,

          Sorry, I didn't know it was an old program.
          Scanned again with the new ComboFix.

          ComboFix 08-01-18.4 - Windows 2008-01-18 10:20:49.10 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.160 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\awtsrsq.dll

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
          .

          2008-01-17 23:33 . 2008-01-18 00:05 <DIR> d--hs---- C:\Documents and Settings\Windows\Onlangs geopend
          2008-01-13 22:01 . 2008-01-13 22:01 3,584 --a------ C:\WINDOWS\system32\ddaya.exe
          2008-01-13 21:11 . 2008-01-13 21:11 3,584 --a------ C:\WINDOWS\system32\pmkji.exe
          2008-01-13 19:14 . 2008-01-16 16:26 <DIR> d-------- C:\Documents and Settings\Windows\DoctorWeb
          2008-01-13 16:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-12 20:46 . 2008-01-12 20:51 <DIR> d-------- C:\Program Files\Fx Video Converter
          2008-01-12 20:46 . 2001-03-13 12:50 525,352 --a------ C:\WINDOWS\system32\dbgrid32.ocx
          2008-01-12 20:46 . 2001-08-17 12:18 508,928 --a------ C:\WINDOWS\system32\msde.dll
          2008-01-12 20:46 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
          2008-01-12 20:46 . 1998-07-29 14:08 363,008 --a------ C:\WINDOWS\system32\BUYB12.dll
          2008-01-12 20:46 . 2001-03-13 12:53 77,824 --a------ C:\WINDOWS\system32\msbind.dll
          2008-01-12 20:46 . 1998-07-29 14:08 46,592 --a------ C:\WINDOWS\system32\buyb12ex.dll
          2008-01-12 20:46 . 2003-08-04 00:34 40,960 --a------ C:\WINDOWS\system32\FXDV1to2.dll
          2008-01-12 20:46 . 2003-03-06 10:43 36,864 --a------ C:\WINDOWS\system32\FxPanel.ocx
          2008-01-12 20:46 . 1998-07-29 14:08 28,160 --a------ C:\WINDOWS\system32\BuyB12Ax.ocx
          2008-01-12 20:31 . 2008-01-12 21:18 <DIR> d-------- C:\Program Files\Free FLV Converter
          2008-01-12 20:31 . 2005-05-14 20:09 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
          2008-01-12 20:31 . 2006-07-11 18:06 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
          2008-01-12 20:31 . 2006-07-11 18:06 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
          2008-01-12 20:31 . 2007-06-18 23:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
          2008-01-12 20:31 . 2005-10-13 13:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
          2008-01-12 20:31 . 2004-03-09 00:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
          2008-01-12 20:31 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
          2008-01-12 20:31 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
          2008-01-12 20:31 . 1998-07-13 00:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
          2008-01-12 20:05 . 2008-01-12 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
          2008-01-12 19:54 . 2008-01-12 20:08 <DIR> d-------- C:\Program Files\Enigma Software Group
          2008-01-12 16:22 . 2008-01-12 16:22 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\ESET
          2008-01-12 15:51 . 2008-01-13 16:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\U3
          2008-01-10 16:03 . 2008-01-10 16:07 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
          2008-01-10 15:41 . 2008-01-13 17:56 4,602 --a------ C:\WINDOWS\wininit.ini
          2008-01-10 15:25 . 2008-01-12 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
          2008-01-09 21:08 . 2008-01-09 21:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\AVG7
          2008-01-09 21:08 . 2008-01-09 21:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
          2008-01-09 21:07 . 2008-01-09 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2008-01-09 21:07 . 2008-01-12 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
          2008-01-09 19:04 . 2008-01-09 19:04 118 --a------ C:\WINDOWS\system32\MRT.INI
          2008-01-07 21:46 . 2008-01-09 19:35 <DIR> d--hs---- C:\Documents and Settings\Jaimy\Onlangs geopend
          2008-01-06 20:51 . 2008-01-06 20:51 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
          2008-01-05 20:57 . 2008-01-05 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
          2008-01-05 20:56 . 2008-01-12 19:14 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
          2008-01-05 20:19 . 2008-01-13 10:07 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\uTorrent
          2008-01-05 19:55 . 2008-01-05 20:22 <DIR> d-------- C:\Program Files\uTorrent
          2007-12-31 10:50 . 2007-12-31 10:50 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\Lavasoft
          2007-12-30 11:45 . 2007-12-30 11:45 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\vlc
          2007-12-30 11:42 . 2007-12-30 11:42 <DIR> d-------- C:\Program Files\VideoLAN
          2007-12-26 17:01 . 2007-12-26 17:01 <DIR> d-------- C:\Program Files\XviD
          2007-12-26 17:00 . 2005-03-18 01:01 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
          2007-12-26 17:00 . 2005-02-22 03:32 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
          2007-12-26 16:59 . 2005-05-25 01:24 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
          2007-12-26 16:59 . 2005-07-19 03:53 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
          2007-12-26 16:59 . 2005-07-01 04:09 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
          2007-12-26 16:59 . 2005-06-29 02:28 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
          2007-12-26 16:58 . 2005-07-20 23:33 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
          2007-12-26 16:58 . 2005-04-14 05:07 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
          2007-12-26 16:58 . 2005-07-08 04:31 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
          2007-12-26 16:58 . 2005-06-07 04:11 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
          2007-12-26 16:58 . 2005-06-15 06:04 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
          2007-12-26 16:57 . 2007-12-26 16:57 <DIR> d-------- C:\WINDOWS\system32\RMBin
          2007-12-26 16:57 . 2007-12-26 17:00 <DIR> d-------- C:\Program Files\Plato Video Converter
          2007-12-26 16:57 . 2007-03-09 09:36 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
          2007-12-26 16:57 . 2005-05-31 22:16 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
          2007-12-26 16:57 . 2005-11-25 07:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
          2007-12-26 16:57 . 2003-08-07 01:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
          2007-12-26 16:57 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
          2007-12-26 16:57 . 2007-03-09 09:37 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
          2007-12-26 16:57 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
          2007-12-26 16:57 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
          2007-12-25 11:55 . 2007-12-25 11:55 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\PCToolsFirewallPlus
          2007-12-24 18:32 . 2007-12-24 18:32 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\PCToolsFirewallPlus
          2007-12-24 18:30 . 2008-01-16 17:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
          2007-12-24 17:40 . 2007-12-24 18:28 <DIR> d-------- C:\WINDOWS\Internet Logs
          2007-12-24 17:26 . 2008-01-12 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
          2007-12-23 12:41 . 2008-01-17 23:21 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Orbit
          2007-12-20 19:43 . 2008-01-10 14:08 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\uTorrent

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-17 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-16 13:57 --------- d-----w C:\Program Files\Lavasoft
          2008-01-16 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-01-16 13:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2008-01-13 17:07 --------- d-----w C:\Program Files\Windows Live
          2008-01-13 17:02 --------- d-----w C:\Program Files\Hitman Pro
          2008-01-12 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2008-01-11 16:25 --------- d-----w C:\Documents and Settings\Windows\Application Data\LimeWire
          2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Windows\Application Data\Azureus
          2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\LimeWire
          2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Azureus
          2008-01-09 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2008-01-09 20:11 --------- d-----w C:\Program Files\iTunes
          2008-01-09 20:03 --------- d-----w C:\Program Files\Orbitdownloader
          2007-12-24 17:39 --------- d-----w C:\Program Files\MagicISO
          2007-12-24 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
          2007-12-23 10:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-20 19:18 --------- d-----w C:\Documents and Settings\Windows\Application Data\MXPLAY
          2007-12-20 18:05 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\MXPLAY
          2007-12-19 18:46 --------- d-----w C:\Program Files\LimeWire
          2007-12-15 12:32 --------- d-----w C:\Documents and Settings\Windows\Application Data\iolo
          2007-12-12 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
          2007-12-10 20:01 --------- d-----w C:\Program Files\Trust
          2007-12-07 17:41 --------- d-----w C:\Program Files\VistaBar
          2007-12-04 18:45 --------- d-----w C:\Program Files\TopDesk
          2007-12-04 15:37 --------- d-----w C:\Program Files\Vistart
          2007-12-03 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\MXPLAY
          2007-12-03 18:18 --------- d-----w C:\Program Files\Visualtooltip
          2007-12-03 16:42 --------- d-----w C:\Program Files\Styler
          2007-12-03 16:41 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\ViStart
          2007-12-03 16:20 --------- d-----w C:\Program Files\WinFlip
          2007-12-03 16:20 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Styler
          2007-12-02 13:31 --------- d-----w C:\Documents and Settings\Windows\Application Data\TuneUp Software
          2007-12-02 11:24 --------- d-----w C:\Program Files\DivX
          2007-12-01 10:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
          2007-11-29 17:11 --------- d-----w C:\Program Files\iPod
          2007-11-29 17:07 --------- d-----w C:\Program Files\QuickTime
          2007-11-29 16:14 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\TuneUp Software
          2007-11-29 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
          2007-11-25 19:00 --------- d-----w C:\Program Files\Microsoft Private Folder 1.0
          2007-11-24 15:04 39,424 ----a-w C:\WINDOWS\zipinst.exe
          2007-11-24 14:43 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Microsoft Games
          2007-11-23 17:53 --------- d-----w C:\Program Files\HP
          2007-11-19 14:38 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
          2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
          .
          Code:
          <pre>
          ----a-w           437,160 2007-01-09 19:21:18  C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
          ----a-w            15,360 2005-01-09 19:49:12  C:\WINDOWS\system32\ctfmon .exe
          </pre>

          ((((((((((((((((((((((((((((( [email protected]_16.32.45.23 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-01-13 15:14:20 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          + 2008-01-18 09:19:26 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          - 2008-01-13 15:14:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-18 09:19:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          - 2008-01-13 15:14:21 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          + 2008-01-18 09:19:26 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          - 2008-01-13 15:14:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          + 2008-01-18 09:19:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          - 2008-01-13 15:14:22 7,864,320 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
          + 2008-01-18 09:19:26 7,970,816 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
          - 2008-01-13 15:14:22 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-18 09:19:26 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-16 13:57:24 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
          + 2008-01-16 13:57:24 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
          + 2008-01-16 13:57:24 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
          + 2008-01-16 13:57:24 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
          - 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
          + 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
          - 2007-12-31 09:47:55 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
          + 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
          - 2007-12-31 09:47:56 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
          + 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
          - 2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
          + 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
          - 2008-01-10 15:19:27 63,584 ----a-w C:\WINDOWS\system32\perfc009.dat
          + 2008-01-14 14:15:27 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
          - 2008-01-10 15:19:27 92,210 ----a-w C:\WINDOWS\system32\perfc013.dat
          + 2008-01-14 14:15:27 91,900 ----a-w C:\WINDOWS\system32\perfc013.dat
          - 2008-01-10 15:19:27 404,364 ----a-w C:\WINDOWS\system32\perfh009.dat
          + 2008-01-14 14:15:27 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
          - 2008-01-10 15:19:27 494,200 ----a-w C:\WINDOWS\system32\perfh013.dat
          + 2008-01-14 14:15:27 493,906 ----a-w C:\WINDOWS\system32\perfh013.dat
          .
          -- Snapshot reset to current date --
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:03 15360]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "VTTrayp"="VTtrayp.exe" [2005-03-11 03:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:03 15360]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-09 21:07 219136]
          "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "LockTaskbar"= 0 (0x0)

          [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
          "LockTaskbar"= 0 (0x0)

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
          "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
          C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-02-07 16:31 226992 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=wbsys.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
          --a------ 2004-05-12 14:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
          --a------ 2004-02-12 12:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
          C:\Program Files\MSN Messenger\MsnMsgr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
          -ra------ 2005-04-26 04:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
          -ra------ 2005-06-20 14:42 77824 C:\WINDOWS\SOUNDMAN.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
          C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
          -ra------ 2005-03-07 13:33 53248 C:\WINDOWS\system32\VTTimer.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "PnkBstrB"=2 (0x2)
          "PnkBstrA"=2 (0x2)
          "Avg7UpdSvc"=2 (0x2)
          "Avg7Alrt"=2 (0x2)
          "AVGEMS"=2 (0x2)

          R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys [2005-05-09 02:03]
          R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 04:22]
          R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2006-11-14 17:30]
          R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
          R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:03]
          S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          UxTuneUp

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da73b261-c11d-11dc-b1e0-0016ec1d6ab1}]
          \Shell\AutoRun\command - K:\LaunchU3.exe -a

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-11 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
          - D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
          "2008-01-16 17:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-01-18 09:34:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
          - C:\Program Files\Windows Defender\MpCmdRun.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-18 10:37:13
          Windows 5.1.2600 Service Pack 2 NTFS

          detected NTDLL code modification:
          ZwQuerySystemInformation

          scannen van verborgen processen ...

          C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [1708]

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-18 10:39:33 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-18 09:39:25
          ComboFix2.txt 2008-01-17 10:34:53
          ComboFix3.txt 2008-01-15 22:45:12
          ComboFix4.txt 2008-01-14 15:42:43
          ComboFix5.txt 2008-01-14 15:24:14
          .
          2008-01-13 17:00:47 --- E O F ---

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 10:54:39, on 18-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\wwSecure.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\WINDOWS\system32\msiexec.exe
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\VTtrayp.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\WINDOWS\system32\SearchProtocolHost.exe
          C:\WINDOWS\system32\SearchFilterHost.exe
          C:\Documents and Settings\Windows\Bureaublad\HiJackThis.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
          O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
          O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
          O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: Toevoegen aan &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
          O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
          O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179410470535
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179427062265
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
          O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
          O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - VIA Technologies, Inc. - (no file)
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
          O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (file missing)
          O23 - Service: Messenger USN Journal Reader service voor Gedeelde mappen (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
          O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
          O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

          --
          End of file - 8543 bytes


          Regards, Peter



          • #6
            Open a Notepad file.
            Copy the code below and paste it into the Notepad file.
            Save the Notepad file as CFScript.txt
            Code:
            File::
            C:\WINDOWS\system32\ddaya.exe
            C:\WINDOWS\system32\pmkji.exe
            C:\WINDOWS\system32\ctfmon .exe
            
            RenV::
            C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
            
            Driver::
            UPnPService

            Now drag the file CFScript.txt onto the file ComboFix.exe

            ComboFix will start again.
            When ComboFix has finished, which may be after a restart, a log file will open.
            Post the contents of the log file.



            • #7
              ComboFix 08-01-18.4 - Windows 2008-01-18 17:43:20.11 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.119 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix.exe
              Command switches used :: J:\CFScript.txt
              * Nieuw herstelpunt werd aangemaakt

              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
              .

              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
              .

              2008-01-17 23:33 . 2008-01-18 10:55 <DIR> d--hs---- C:\Documents and Settings\Windows\Onlangs geopend
              2008-01-13 22:01 . 2008-01-13 22:01 3,584 --a------ C:\WINDOWS\system32\ddaya.exe
              2008-01-13 21:11 . 2008-01-13 21:11 3,584 --a------ C:\WINDOWS\system32\pmkji.exe
              2008-01-13 19:14 . 2008-01-16 16:26 <DIR> d-------- C:\Documents and Settings\Windows\DoctorWeb
              2008-01-13 16:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
              2008-01-12 20:46 . 2008-01-12 20:51 <DIR> d-------- C:\Program Files\Fx Video Converter
              2008-01-12 20:46 . 2001-03-13 12:50 525,352 --a------ C:\WINDOWS\system32\dbgrid32.ocx
              2008-01-12 20:46 . 2001-08-17 12:18 508,928 --a------ C:\WINDOWS\system32\msde.dll
              2008-01-12 20:46 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
              2008-01-12 20:46 . 1998-07-29 14:08 363,008 --a------ C:\WINDOWS\system32\BUYB12.dll
              2008-01-12 20:46 . 2001-03-13 12:53 77,824 --a------ C:\WINDOWS\system32\msbind.dll
              2008-01-12 20:46 . 1998-07-29 14:08 46,592 --a------ C:\WINDOWS\system32\buyb12ex.dll
              2008-01-12 20:46 . 2003-08-04 00:34 40,960 --a------ C:\WINDOWS\system32\FXDV1to2.dll
              2008-01-12 20:46 . 2003-03-06 10:43 36,864 --a------ C:\WINDOWS\system32\FxPanel.ocx
              2008-01-12 20:46 . 1998-07-29 14:08 28,160 --a------ C:\WINDOWS\system32\BuyB12Ax.ocx
              2008-01-12 20:31 . 2008-01-12 21:18 <DIR> d-------- C:\Program Files\Free FLV Converter
              2008-01-12 20:31 . 2005-05-14 20:09 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
              2008-01-12 20:31 . 2006-07-11 18:06 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
              2008-01-12 20:31 . 2006-07-11 18:06 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
              2008-01-12 20:31 . 2007-06-18 23:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
              2008-01-12 20:31 . 2005-10-13 13:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
              2008-01-12 20:31 . 2004-03-09 00:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
              2008-01-12 20:31 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
              2008-01-12 20:31 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
              2008-01-12 20:31 . 1998-07-13 00:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
              2008-01-12 20:05 . 2008-01-12 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
              2008-01-12 19:54 . 2008-01-12 20:08 <DIR> d-------- C:\Program Files\Enigma Software Group
              2008-01-12 16:22 . 2008-01-12 16:22 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\ESET
              2008-01-12 15:51 . 2008-01-13 16:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\U3
              2008-01-10 16:03 . 2008-01-10 16:07 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
              2008-01-10 15:41 . 2008-01-13 17:56 4,602 --a------ C:\WINDOWS\wininit.ini
              2008-01-10 15:25 . 2008-01-12 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
              2008-01-09 21:08 . 2008-01-09 21:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\AVG7
              2008-01-09 21:08 . 2008-01-09 21:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
              2008-01-09 21:07 . 2008-01-09 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2008-01-09 21:07 . 2008-01-12 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
              2008-01-09 19:04 . 2008-01-09 19:04 118 --a------ C:\WINDOWS\system32\MRT.INI
              2008-01-07 21:46 . 2008-01-09 19:35 <DIR> d--hs---- C:\Documents and Settings\Jaimy\Onlangs geopend
              2008-01-06 20:51 . 2008-01-06 20:51 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
              2008-01-05 20:57 . 2008-01-05 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
              2008-01-05 20:56 . 2008-01-12 19:14 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
              2008-01-05 20:19 . 2008-01-13 10:07 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\uTorrent
              2008-01-05 19:55 . 2008-01-05 20:22 <DIR> d-------- C:\Program Files\uTorrent
              2007-12-31 10:50 . 2007-12-31 10:50 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\Lavasoft
              2007-12-30 11:45 . 2007-12-30 11:45 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\vlc
              2007-12-30 11:42 . 2007-12-30 11:42 <DIR> d-------- C:\Program Files\VideoLAN
              2007-12-26 17:01 . 2007-12-26 17:01 <DIR> d-------- C:\Program Files\XviD
              2007-12-26 17:00 . 2005-03-18 01:01 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
              2007-12-26 17:00 . 2005-02-22 03:32 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
              2007-12-26 16:59 . 2005-05-25 01:24 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
              2007-12-26 16:59 . 2005-07-19 03:53 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
              2007-12-26 16:59 . 2005-07-01 04:09 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
              2007-12-26 16:59 . 2005-06-29 02:28 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
              2007-12-26 16:58 . 2005-07-20 23:33 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
              2007-12-26 16:58 . 2005-04-14 05:07 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
              2007-12-26 16:58 . 2005-07-08 04:31 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
              2007-12-26 16:58 . 2005-06-07 04:11 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
              2007-12-26 16:58 . 2005-06-15 06:04 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
              2007-12-26 16:57 . 2007-12-26 16:57 <DIR> d-------- C:\WINDOWS\system32\RMBin
              2007-12-26 16:57 . 2007-12-26 17:00 <DIR> d-------- C:\Program Files\Plato Video Converter
              2007-12-26 16:57 . 2007-03-09 09:36 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
              2007-12-26 16:57 . 2005-05-31 22:16 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
              2007-12-26 16:57 . 2005-11-25 07:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
              2007-12-26 16:57 . 2003-08-07 01:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
              2007-12-26 16:57 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
              2007-12-26 16:57 . 2007-03-09 09:37 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
              2007-12-26 16:57 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
              2007-12-26 16:57 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
              2007-12-25 11:55 . 2007-12-25 11:55 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\PCToolsFirewallPlus
              2007-12-24 18:32 . 2007-12-24 18:32 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\PCToolsFirewallPlus
              2007-12-24 18:30 . 2008-01-16 17:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
              2007-12-24 17:40 . 2007-12-24 18:28 <DIR> d-------- C:\WINDOWS\Internet Logs
              2007-12-24 17:26 . 2008-01-12 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
              2007-12-23 12:41 . 2008-01-17 23:21 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Orbit
              2007-12-20 19:43 . 2008-01-10 14:08 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\uTorrent

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-17 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-01-16 13:57 --------- d-----w C:\Program Files\Lavasoft
              2008-01-16 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
              2008-01-16 13:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
              2008-01-13 17:07 --------- d-----w C:\Program Files\Windows Live
              2008-01-13 17:02 --------- d-----w C:\Program Files\Hitman Pro
              2008-01-12 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
              2008-01-11 16:25 --------- d-----w C:\Documents and Settings\Windows\Application Data\LimeWire
              2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Windows\Application Data\Azureus
              2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\LimeWire
              2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Azureus
              2008-01-09 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
              2008-01-09 20:11 --------- d-----w C:\Program Files\iTunes
              2008-01-09 20:03 --------- d-----w C:\Program Files\Orbitdownloader
              2007-12-24 17:39 --------- d-----w C:\Program Files\MagicISO
              2007-12-24 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
              2007-12-23 10:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-12-20 19:18 --------- d-----w C:\Documents and Settings\Windows\Application Data\MXPLAY
              2007-12-20 18:05 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\MXPLAY
              2007-12-19 18:46 --------- d-----w C:\Program Files\LimeWire
              2007-12-15 12:32 --------- d-----w C:\Documents and Settings\Windows\Application Data\iolo
              2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
              2007-12-12 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
              2007-12-10 20:01 --------- d-----w C:\Program Files\Trust
              2007-12-07 17:44 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
              2007-12-07 17:41 --------- d-----w C:\Program Files\VistaBar
              2007-12-04 18:45 --------- d-----w C:\Program Files\TopDesk
              2007-12-04 18:04 2,324,352 ----a-w C:\WINDOWS\system32\TUKernel.exe
              2007-12-04 15:37 --------- d-----w C:\Program Files\Vistart
              2007-12-03 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\MXPLAY
              2007-12-03 18:18 --------- d-----w C:\Program Files\Visualtooltip
              2007-12-03 16:42 --------- d-----w C:\Program Files\Styler
              2007-12-03 16:41 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\ViStart
              2007-12-03 16:20 --------- d-----w C:\Program Files\WinFlip
              2007-12-03 16:20 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Styler
              2007-12-02 13:31 --------- d-----w C:\Documents and Settings\Windows\Application Data\TuneUp Software
              2007-12-02 11:24 --------- d-----w C:\Program Files\DivX
              2007-12-01 10:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
              2007-11-30 04:56 329,029 ----a-w C:\WINDOWS\system32\viwc.exe
              2007-11-29 17:11 --------- d-----w C:\Program Files\iPod
              2007-11-29 17:07 --------- d-----w C:\Program Files\QuickTime
              2007-11-29 16:14 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\TuneUp Software
              2007-11-29 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
              2007-11-25 19:00 --------- d-----w C:\Program Files\Microsoft Private Folder 1.0
              2007-11-24 15:04 39,424 ----a-w C:\WINDOWS\zipinst.exe
              2007-11-24 14:43 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Microsoft Games
              2007-11-23 17:53 --------- d-----w C:\Program Files\HP
              2007-11-19 14:38 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
              2007-11-07 09:51 732,160 ----a-w C:\WINDOWS\system32\lsasrv.dll
              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
              2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
              2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
              .
              Code:
              <pre>
              ----a-w           437,160 2007-01-09 19:21:18  C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
              ----a-w            15,360 2005-01-09 19:49:12  C:\WINDOWS\system32\ctfmon .exe
              </pre>

              ((((((((((((((((((((((((((((( snapshot_2008-01-18_10.38.50.00 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2008-01-18 09:19:26 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
              + 2008-01-18 16:43:07 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
              - 2008-01-18 09:19:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
              + 2008-01-18 16:43:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
              - 2008-01-18 09:19:26 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
              + 2008-01-18 16:43:07 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
              - 2008-01-18 09:19:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
              + 2008-01-18 16:43:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
              - 2008-01-18 09:19:26 7,970,816 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
              + 2008-01-18 16:43:07 7,970,816 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
              - 2008-01-18 09:19:26 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
              + 2008-01-18 16:43:08 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:03 15360]
              "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "VTTrayp"="VTtrayp.exe" [2005-03-11 03:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:03 15360]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-09 21:07 219136]
              "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
              "LockTaskbar"= 0 (0x0)

              [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
              "LockTaskbar"= 0 (0x0)

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
              "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
              C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-02-07 16:31 226992 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=wbsys.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
              --a------ 2004-05-12 14:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
              --a------ 2004-02-12 12:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
              C:\Program Files\MSN Messenger\MsnMsgr.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
              --a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
              -ra------ 2005-04-26 04:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
              -ra------ 2005-06-20 14:42 77824 C:\WINDOWS\SOUNDMAN.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
              C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
              -ra------ 2005-03-07 13:33 53248 C:\WINDOWS\system32\VTTimer.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "PnkBstrB"=2 (0x2)
              "PnkBstrA"=2 (0x2)
              "Avg7UpdSvc"=2 (0x2)
              "Avg7Alrt"=2 (0x2)
              "AVGEMS"=2 (0x2)

              R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys [2005-05-09 02:03]
              R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 04:22]
              R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2006-11-14 17:30]
              R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
              R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:03]
              S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
              UxTuneUp

              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-01-11 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
              - D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
              "2008-01-16 17:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
              "2008-01-18 16:44:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
              - C:\Program Files\Windows Defender\MpCmdRun.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-18 17:47:39
              Windows 5.1.2600 Service Pack 2 NTFS

              detected NTDLL code modification:
              ZwQuerySystemInformation

              scannen van verborgen processen ...

              C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [1732]

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-01-18 17:49:20
              ComboFix-quarantined-files.txt 2008-01-18 16:49:15
              ComboFix2.txt 2008-01-18 09:39:34
              ComboFix3.txt 2008-01-17 10:34:53
              ComboFix4.txt 2008-01-15 22:45:12
              ComboFix5.txt 2008-01-14 15:42:43
              .
              2008-01-13 17:00:47 --- E O F ---



              • #8
                You're doing something wrong.

                You need to copy everything that is in the code box and save it in CFScript.
                Put this on your desktop.

                Repeat the steps.



                • #9
                  Not sure what I did wrong, maybe this is better?

                  ComboFix 08-01-18.4 - Windows 2008-01-18 18:45:36.12 - NTFSx86
                  Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.101 [GMT 1:00]
                  Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix.exe
                  Command switches used :: C:\Documents and Settings\Windows\Bureaublad\CFScript.txt
                  * Nieuw herstelpunt werd aangemaakt

                  WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                  FILE
                  C:\WINDOWS\system32\ctfmon .exe
                  C:\WINDOWS\system32\ddaya.exe
                  C:\WINDOWS\system32\pmkji.exe
                  .

                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  C:\WINDOWS\system32\ctfmon .exe
                  C:\WINDOWS\system32\ddaya.exe
                  C:\WINDOWS\system32\pmkji.exe

                  .
                  ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                  .
                  -------\LEGACY_UPNPSERVICE
                  -------\UPnPService


                  (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
                  .

                  2008-01-17 23:33 . 2008-01-18 18:44 <DIR> d--hs---- C:\Documents and Settings\Windows\Onlangs geopend
                  2008-01-13 19:14 . 2008-01-16 16:26 <DIR> d-------- C:\Documents and Settings\Windows\DoctorWeb
                  2008-01-13 16:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                  2008-01-12 20:46 . 2008-01-12 20:51 <DIR> d-------- C:\Program Files\Fx Video Converter
                  2008-01-12 20:46 . 2001-03-13 12:50 525,352 --a------ C:\WINDOWS\system32\dbgrid32.ocx
                  2008-01-12 20:46 . 2001-08-17 12:18 508,928 --a------ C:\WINDOWS\system32\msde.dll
                  2008-01-12 20:46 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
                  2008-01-12 20:46 . 1998-07-29 14:08 363,008 --a------ C:\WINDOWS\system32\BUYB12.dll
                  2008-01-12 20:46 . 2001-03-13 12:53 77,824 --a------ C:\WINDOWS\system32\msbind.dll
                  2008-01-12 20:46 . 1998-07-29 14:08 46,592 --a------ C:\WINDOWS\system32\buyb12ex.dll
                  2008-01-12 20:46 . 2003-08-04 00:34 40,960 --a------ C:\WINDOWS\system32\FXDV1to2.dll
                  2008-01-12 20:46 . 2003-03-06 10:43 36,864 --a------ C:\WINDOWS\system32\FxPanel.ocx
                  2008-01-12 20:46 . 1998-07-29 14:08 28,160 --a------ C:\WINDOWS\system32\BuyB12Ax.ocx
                  2008-01-12 20:31 . 2008-01-12 21:18 <DIR> d-------- C:\Program Files\Free FLV Converter
                  2008-01-12 20:31 . 2005-05-14 20:09 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
                  2008-01-12 20:31 . 2006-07-11 18:06 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
                  2008-01-12 20:31 . 2006-07-11 18:06 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
                  2008-01-12 20:31 . 2007-06-18 23:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
                  2008-01-12 20:31 . 2005-10-13 13:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
                  2008-01-12 20:31 . 2004-03-09 00:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
                  2008-01-12 20:31 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
                  2008-01-12 20:31 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
                  2008-01-12 20:31 . 1998-07-13 00:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
                  2008-01-12 20:05 . 2008-01-12 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
                  2008-01-12 19:54 . 2008-01-12 20:08 <DIR> d-------- C:\Program Files\Enigma Software Group
                  2008-01-12 16:22 . 2008-01-12 16:22 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\ESET
                  2008-01-12 15:51 . 2008-01-13 16:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\U3
                  2008-01-10 16:03 . 2008-01-10 16:07 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
                  2008-01-10 15:41 . 2008-01-13 17:56 4,602 --a------ C:\WINDOWS\wininit.ini
                  2008-01-10 15:25 . 2008-01-12 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
                  2008-01-09 21:08 . 2008-01-09 21:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\AVG7
                  2008-01-09 21:08 . 2008-01-09 21:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
                  2008-01-09 21:07 . 2008-01-09 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                  2008-01-09 21:07 . 2008-01-12 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
                  2008-01-09 19:04 . 2008-01-09 19:04 118 --a------ C:\WINDOWS\system32\MRT.INI
                  2008-01-07 21:46 . 2008-01-09 19:35 <DIR> d--hs---- C:\Documents and Settings\Jaimy\Onlangs geopend
                  2008-01-06 20:51 . 2008-01-06 20:51 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
                  2008-01-05 20:57 . 2008-01-05 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
                  2008-01-05 20:56 . 2008-01-12 19:14 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
                  2008-01-05 20:19 . 2008-01-13 10:07 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\uTorrent
                  2008-01-05 19:55 . 2008-01-05 20:22 <DIR> d-------- C:\Program Files\uTorrent
                  2007-12-31 10:50 . 2007-12-31 10:50 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\Lavasoft
                  2007-12-30 11:45 . 2007-12-30 11:45 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\vlc
                  2007-12-30 11:42 . 2007-12-30 11:42 <DIR> d-------- C:\Program Files\VideoLAN
                  2007-12-26 17:01 . 2007-12-26 17:01 <DIR> d-------- C:\Program Files\XviD
                  2007-12-26 17:00 . 2005-03-18 01:01 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
                  2007-12-26 17:00 . 2005-02-22 03:32 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
                  2007-12-26 16:59 . 2005-05-25 01:24 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
                  2007-12-26 16:59 . 2005-07-19 03:53 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
                  2007-12-26 16:59 . 2005-07-01 04:09 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
                  2007-12-26 16:59 . 2005-06-29 02:28 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
                  2007-12-26 16:58 . 2005-07-20 23:33 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
                  2007-12-26 16:58 . 2005-04-14 05:07 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
                  2007-12-26 16:58 . 2005-07-08 04:31 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
                  2007-12-26 16:58 . 2005-06-07 04:11 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
                  2007-12-26 16:58 . 2005-06-15 06:04 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
                  2007-12-26 16:57 . 2007-12-26 16:57 <DIR> d-------- C:\WINDOWS\system32\RMBin
                  2007-12-26 16:57 . 2007-12-26 17:00 <DIR> d-------- C:\Program Files\Plato Video Converter
                  2007-12-26 16:57 . 2007-03-09 09:36 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
                  2007-12-26 16:57 . 2005-05-31 22:16 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
                  2007-12-26 16:57 . 2005-11-25 07:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
                  2007-12-26 16:57 . 2003-08-07 01:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
                  2007-12-26 16:57 . 2007-03-09 09:35 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
                  2007-12-26 16:57 . 2007-03-09 09:37 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
                  2007-12-26 16:57 . 2007-03-09 09:37 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
                  2007-12-26 16:57 . 2007-03-09 09:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
                  2007-12-25 11:55 . 2007-12-25 11:55 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\PCToolsFirewallPlus
                  2007-12-24 18:32 . 2007-12-24 18:32 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\PCToolsFirewallPlus
                  2007-12-24 18:30 . 2008-01-16 17:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                  2007-12-24 17:40 . 2007-12-24 18:28 <DIR> d-------- C:\WINDOWS\Internet Logs
                  2007-12-24 17:26 . 2008-01-12 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
                  2007-12-23 12:41 . 2008-01-17 23:21 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Orbit
                  2007-12-20 19:43 . 2008-01-10 14:08 <DIR> d-------- C:\Documents and Settings\Jaimy\Application Data\uTorrent

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-01-17 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                  2008-01-16 13:57 --------- d-----w C:\Program Files\Lavasoft
                  2008-01-16 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
                  2008-01-16 13:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                  2008-01-13 17:07 --------- d-----w C:\Program Files\Windows Live
                  2008-01-13 17:02 --------- d-----w C:\Program Files\Hitman Pro
                  2008-01-12 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                  2008-01-11 16:25 --------- d-----w C:\Documents and Settings\Windows\Application Data\LimeWire
                  2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Windows\Application Data\Azureus
                  2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\LimeWire
                  2008-01-10 13:08 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Azureus
                  2008-01-09 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                  2008-01-09 20:11 --------- d-----w C:\Program Files\iTunes
                  2008-01-09 20:03 --------- d-----w C:\Program Files\Orbitdownloader
                  2007-12-24 17:39 --------- d-----w C:\Program Files\MagicISO
                  2007-12-24 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
                  2007-12-23 10:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2007-12-20 19:18 --------- d-----w C:\Documents and Settings\Windows\Application Data\MXPLAY
                  2007-12-20 18:05 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\MXPLAY
                  2007-12-19 18:46 --------- d-----w C:\Program Files\LimeWire
                  2007-12-15 12:32 --------- d-----w C:\Documents and Settings\Windows\Application Data\iolo
                  2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                  2007-12-12 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
                  2007-12-10 20:01 --------- d-----w C:\Program Files\Trust
                  2007-12-07 17:44 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
                  2007-12-07 17:41 --------- d-----w C:\Program Files\VistaBar
                  2007-12-04 18:45 --------- d-----w C:\Program Files\TopDesk
                  2007-12-04 18:04 2,324,352 ----a-w C:\WINDOWS\system32\TUKernel.exe
                  2007-12-04 15:37 --------- d-----w C:\Program Files\Vistart
                  2007-12-03 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\MXPLAY
                  2007-12-03 18:18 --------- d-----w C:\Program Files\Visualtooltip
                  2007-12-03 16:42 --------- d-----w C:\Program Files\Styler
                  2007-12-03 16:41 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\ViStart
                  2007-12-03 16:20 --------- d-----w C:\Program Files\WinFlip
                  2007-12-03 16:20 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Styler
                  2007-12-02 13:31 --------- d-----w C:\Documents and Settings\Windows\Application Data\TuneUp Software
                  2007-12-02 11:24 --------- d-----w C:\Program Files\DivX
                  2007-12-01 10:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
                  2007-11-30 04:56 329,029 ----a-w C:\WINDOWS\system32\viwc.exe
                  2007-11-29 17:11 --------- d-----w C:\Program Files\iPod
                  2007-11-29 17:07 --------- d-----w C:\Program Files\QuickTime
                  2007-11-29 16:14 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\TuneUp Software
                  2007-11-29 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
                  2007-11-25 19:00 --------- d-----w C:\Program Files\Microsoft Private Folder 1.0
                  2007-11-24 15:04 39,424 ----a-w C:\WINDOWS\zipinst.exe
                  2007-11-24 14:43 --------- d-----w C:\Documents and Settings\Jaimy\Application Data\Microsoft Games
                  2007-11-23 17:53 --------- d-----w C:\Program Files\HP
                  2007-11-19 14:38 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
                  2007-11-07 09:51 732,160 ----a-w C:\WINDOWS\system32\lsasrv.dll
                  2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                  2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                  2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
                  2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
                  .

                  ((((((((((((((((((((((((((((( snapshot_2008-01-18_10.38.50.00 )))))))))))))))))))))))))))))))))))))))))
                  .
                  - 2008-01-18 09:19:26 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                  + 2008-01-18 17:45:22 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                  - 2008-01-18 09:19:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                  + 2008-01-18 17:45:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                  - 2008-01-18 09:19:26 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
                  + 2008-01-18 17:45:22 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
                  - 2008-01-18 09:19:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                  + 2008-01-18 17:45:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                  - 2008-01-18 09:19:26 7,970,816 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
                  + 2008-01-18 17:45:22 7,970,816 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
                  - 2008-01-18 09:19:26 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
                  + 2008-01-18 17:45:22 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:03 15360]
                  "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "VTTrayp"="VTtrayp.exe" [2005-03-11 03:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:03 15360]
                  "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-09 21:07 219136]
                  "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-01-09 20:21 437160]

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                  "LockTaskbar"= 0 (0x0)

                  [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
                  "LockTaskbar"= 0 (0x0)

                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
                  C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-02-07 16:31 226992 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                  "AppInit_DLLs"=wbsys.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
                  --a------ 2004-05-12 14:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                  --a------ 2004-02-12 12:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
                  C:\Program Files\MSN Messenger\MsnMsgr.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                  --a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                  --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
                  -ra------ 2005-04-26 04:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
                  -ra------ 2005-06-20 14:42 77824 C:\WINDOWS\SOUNDMAN.EXE

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
                  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
                  -ra------ 2005-03-07 13:33 53248 C:\WINDOWS\system32\VTTimer.exe

                  R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys [2005-05-09 02:03]
                  R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 04:22]
                  R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2006-11-14 17:30]
                  R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
                  R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:03]

                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
                  UxTuneUp

                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2008-01-11 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
                  - D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
                  "2008-01-16 17:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                  - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                  "2008-01-18 17:54:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
                  - C:\Program Files\Windows Defender\MpCmdRun.exe
                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-01-18 18:52:30
                  Windows 5.1.2600 Service Pack 2 NTFS

                  detected NTDLL code modification:
                  ZwQuerySystemInformation

                  scannen van verborgen processen ...

                  C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [1944]

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************
                  .
                  Voltooingstijd: 2008-01-18 18:55:08 - machine was rebooted
                  ComboFix-quarantined-files.txt 2008-01-18 17:55:02
                  ComboFix2.txt 2008-01-18 16:49:21
                  ComboFix3.txt 2008-01-18 09:39:34
                  ComboFix4.txt 2008-01-17 10:34:53
                  ComboFix5.txt 2008-01-15 22:45:12
                  .
                  2008-01-13 17:00:47 --- E O F ---



                  • #10
                    That already looks better.
                    Are there any problems left?



                    • #11
                      I don't really dare to do anything yet, but if you want I'll give it a quick try.

                      Regards, Peter



                      • #12
                        You have to start again at some point, Peter. So why not now...

                        Let me know..



                        • #13
                          Hi Marckie,

                          I tried it, and it's already going a lot better.
                          But there are also programs that don't work, such as MSN, and that's the one those monkeys really want.
                          I tried to reinstall it, but I can't get it running.
                          The virus scanner and firewall do keep working now.
                          Do you have any other ideas for me?

                          Thanks in advance, regards, Peter



                          • #14
                            Hi Marckie,

                            I still can't install or remove anything via Control Panel/Add or Remove Programs.
                            I get a message that a program is already being installed or removed.
                            Any idea?

                            Regards, Peter



                            • #15
                              I'm also coming across all sorts of .dat VideoCD movie files throughout the whole PC, including in win/system32; I don't think that's OK.
                              I think I should just reinstall it, or do you have another solution?

                              Looking forward to hearing from you.
                              Regards, Peter
                              Last edited by PretPro; 19-01-08, 01:07.
