Mededeling

**Marckie** · 19-01-08, 18:33

Hallo,

Hoe kom je aan deze infectie?

Je gebruikt een oude versie van HijackThis. Best dat je deze versie gebruikt: http://www.trendsecure.com/portal/en...HJTInstall.exe

F3 - REG:win.ini: load=C:\Windows\system32\pmkih.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B41B09D1-9E05-43F7-A4BA-AA3D7FE88848} - C:\Windows\system32\pmkih.dll (file missing)
O2 - BHO: {3e53b976-a97f-e3a8-7ed4-2e4e15f388fc} - {cf883f51-e4e2-4de7-8a3e-f79a679b35e3} - C:\Windows\system32\msrwtyka.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfgh.dll,#1
O4 - HKLM\..\Run: [07f176a2] rundll32.exe "C:\Windows\system32\kqqujhts.dll",b

Klik daarna op "Fix checked" en sluit HijackThis af.

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**jolandacb** · 19-01-08, 18:57

[QUOTE=Marckie;312651]

F3 - REG:win.ini: load=C:\Windows\system32\pmkih.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B41B09D1-9E05-43F7-A4BA-AA3D7FE88848} - C:\Windows\system32\pmkih.dll (file missing)
O2 - BHO: {3e53b976-a97f-e3a8-7ed4-2e4e15f388fc} - {cf883f51-e4e2-4de7-8a3e-f79a679b35e3} - C:\Windows\system32\msrwtyka.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfgh.dll,#1
O4 - HKLM\..\Run: [07f176a2] rundll32.exe "C:\Windows\system32\kqqujhts.dll",b

QUOTE]

Bedankt voor je snelle hulp.
Maat ik begrijp niet wat ik met dit bovenstaande moet doen.
Dat staat in mijn log???
En wat moet ik er dan mee doen?

**jolandacb** · 19-01-08, 19:44

Had al begrepen wat de bedoeling was, denk ik.
Hier komen mij logs.

Hijjack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:43, on 19-1-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV .exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5209/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7225 bytes

En van combofix:

ComboFix 08-01-18.5 - Beheerder 2008-01-19 19:37:27.3 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1043.18.1335 [GMT 1:00]
Gestart vanuit: D:\Desktop\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))
.

2008-01-19 19:00 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-19 17:13 . 2008-01-19 17:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-19 16:14 . 2008-01-19 16:14 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-19 16:14 . 2008-01-19 16:14 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-19 16:14 . 2008-01-19 16:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-19 16:04 . 2008-01-19 16:04 94 --a------ C:\Windows\wininit.ini
2008-01-19 15:33 . 2008-01-19 16:48 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-19 15:33 . 2008-01-19 16:48 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-01-19 14:25 . 2008-01-19 15:29 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\SUPERAntiSpyware.com
2008-01-19 14:25 . 2008-01-19 14:25 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-19 14:25 . 2008-01-19 14:25 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-19 14:25 . 2008-01-19 15:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-19 08:56 . 2008-01-19 08:58 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\AVG7
2008-01-19 08:56 . 2008-01-19 08:56 <DIR> d-------- C:\Users\All Users\Grisoft
2008-01-19 08:56 . 2008-01-19 08:56 <DIR> d-------- C:\ProgramData\Grisoft
2008-01-19 08:56 . 2008-01-19 08:56 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-01-17 21:48 . 2008-01-17 21:47 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-01-17 21:48 . 2008-01-17 21:47 298,104 --a------ C:\Windows\System32\imon.dll
2008-01-17 21:48 . 2008-01-17 21:47 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-01-17 21:11 . 2008-01-17 21:11 0 --ah----- C:\ProgramData.LOG2
2008-01-17 21:11 . 2008-01-17 21:11 0 --ah----- C:\ProgramData.LOG1
2008-01-17 18:32 . 2008-01-17 18:45 4,317,184 --a------ C:\Windows\RtHDVCpl .exe
2008-01-17 18:23 . 2008-01-17 18:30 <DIR> d-------- C:\Windows\BDOSCAN8
2008-01-17 18:13 . 2008-01-17 18:13 <DIR> d-------- C:\Windows\McAfee.com
2008-01-17 17:58 . 2008-01-17 19:50 <DIR> d-------- C:\Users\Beheerder\.housecall6.6
2008-01-17 16:37 . 2008-01-17 18:45 3,584 --a------ C:\Windows\System32\hkcmd .exe
2008-01-17 16:23 . 2004-10-07 13:39 89,088 --a------ C:\Windows\System32\atl71.dll
2008-01-17 16:12 . 2008-01-17 16:12 163,904 --a------ C:\Windows\System32\dirfvafi.dll
2008-01-17 10:31 . 2008-01-17 10:31 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\Ashampoo
2008-01-17 10:29 . 2008-01-17 10:29 <DIR> d-------- C:\Users\All Users\ashampoo
2008-01-17 10:29 . 2008-01-17 10:29 <DIR> d-------- C:\ProgramData\ashampoo
2008-01-17 10:29 . 2008-01-17 10:29 <DIR> d-------- C:\Program Files\Ashampoo
2008-01-15 19:58 . 2008-01-15 19:58 16,070 --a------ C:\Windows\System32\results.xml
2008-01-15 19:55 . 2008-01-15 19:55 <DIR> d-------- C:\Users\Beheerder\{10ee69cc-d4ee-482c-8f46-50b0ba7c9ebc}
2008-01-15 19:53 . 2008-01-15 19:53 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\Sony Corporation
2008-01-15 18:42 . 2008-01-15 18:42 <DIR> d-------- C:\Program Files\Sony
2008-01-15 18:41 . 2008-01-15 18:41 <DIR> d-------- C:\Users\All Users\Sony Corporation
2008-01-15 18:41 . 2008-01-15 18:41 <DIR> d-------- C:\ProgramData\Sony Corporation
2008-01-13 10:59 . 2008-01-13 10:59 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-01-12 09:19 . 2008-01-12 09:19 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-12 08:26 . 2008-01-12 08:26 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-01-11 13:50 . 2008-01-11 13:50 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\PCToolsFirewallPlus
2008-01-11 13:47 . 2008-01-17 21:57 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-11 13:47 . 2008-01-17 21:57 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-11 13:33 . 2008-01-19 16:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 13:32 . 2008-01-11 13:33 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\GetRightToGo
2008-01-11 13:32 . 2008-01-11 13:32 <DIR> d-------- C:\Downloads
2008-01-11 08:58 . 2008-01-19 08:58 <DIR> d-------- C:\Users\All Users\Avg7
2008-01-11 08:58 . 2008-01-19 08:58 <DIR> d-------- C:\ProgramData\Avg7
2008-01-10 19:14 . 2008-01-17 09:59 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\LimeWirePlus
2008-01-10 19:12 . 2008-01-10 19:12 <DIR> d-------- C:\Windows\Sun
2008-01-10 19:12 . 2008-01-13 18:07 <DIR> d-------- C:\Users\All Users\Google
2008-01-10 19:12 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-01-10 19:11 . 2008-01-10 19:12 <DIR> d-------- C:\Program Files\Java
2008-01-10 19:11 . 2008-01-10 19:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 19:03 . 2008-01-12 08:27 <DIR> d-------- C:\Program Files\LimewirePlus
2008-01-10 19:03 . 2008-01-17 09:48 <DIR> d-------- C:\Program Files\LimeWire Plus
2008-01-10 16:06 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-01-10 16:06 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-01-10 16:06 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-01-10 16:06 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-01-10 16:06 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-01-10 16:06 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-01-10 16:06 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-01-10 06:53 . 2008-01-10 06:53 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 06:53 . 2008-01-10 06:53 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 06:53 . 2008-01-10 06:53 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 06:53 . 2008-01-10 06:53 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 06:53 . 2008-01-10 06:53 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 06:52 . 2008-01-10 06:52 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 06:52 . 2008-01-10 06:52 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-10 06:52 . 2008-01-10 06:52 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-10 06:52 . 2008-01-10 06:52 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-10 06:52 . 2008-01-10 06:52 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-10 06:52 . 2008-01-10 06:52 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-10 06:52 . 2008-01-10 06:52 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-10 06:52 . 2008-01-10 06:52 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-10 06:52 . 2008-01-10 06:52 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-10 06:51 . 2008-01-10 06:51 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-09 22:22 . 2008-01-09 22:22 <DIR> d--h----- C:\Windows\PIF
2008-01-09 18:39 . 2008-01-14 07:39 <DIR> d-------- C:\Program Files\Google
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\Apple Computer
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Users\All Users\Apple
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\ProgramData\Apple Computer
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\ProgramData\Apple
2008-01-09 18:26 . 2008-01-17 13:12 <DIR> d-------- C:\Program Files\QuickTime
2008-01-09 18:26 . 2008-01-17 13:12 <DIR> d-------- C:\Program Files\iTunes
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Program Files\iPod
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-09 18:26 . 2008-01-17 06:55 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-09 18:26 . 2008-01-09 18:27 1,409 --a------ C:\Windows\QTFont.for
2008-01-08 23:18 . 2008-01-08 23:18 <DIR> d-------- C:\Program Files\DivX
2008-01-08 22:13 . 2008-01-08 22:13 <DIR> d-------- C:\Program Files\Fox
2008-01-08 22:08 . 1997-05-12 17:53 314,368 --a------ C:\Windows\uninst.exe
2008-01-08 20:57 . 2008-01-08 20:57 268 --ah----- C:\sqmdata00.sqm
2008-01-08 20:57 . 2008-01-08 20:57 244 --ah----- C:\sqmnoopt00.sqm
2008-01-08 20:29 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-01-08 20:28 . 2008-01-08 20:28 <DIR> d-------- C:\Program Files\Microsoft Works

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 10:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-15 19:59 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-01-15 19:59 --------- d-----w C:\Program Files\Realtek
2008-01-15 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 11:06 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-10 05:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 05:58 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 05:52 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 05:52 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 05:52 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 05:52 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-08 19:28 --------- d-----w C:\Program Files\MSBuild
2008-01-05 18:20 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-05 18:20 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-05 18:20 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-01-05 18:20 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-05 18:20 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-05 18:20 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-05 18:20 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-05 18:20 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-01-05 18:20 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-05 18:20 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-01-05 18:20 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-05 18:20 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-05 18:20 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-05 18:20 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-05 18:20 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-01-05 18:20 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-01-05 18:20 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-05 18:20 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-05 18:20 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-01-05 18:20 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-05 18:19 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-05 18:19 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-05 18:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-05 18:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-05 18:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-05 18:19 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-10-25 09:26 53,248 ----a-w C:\Windows\bdoscandel.exe
2007-10-19 18:25 174 --sha-w C:\Program Files\desktop.ini
2007-10-19 17:45 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-10-19 17:45 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-10-19 17:45 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-10-19 17:45 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-10-19 17:45 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-10-19 17:45 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-10-19 17:45 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-10-19 17:45 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-10-19 17:44 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-10-19 17:44 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-10-19 17:44 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-10-19 17:44 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-10-19 17:44 134,656 ----a-w C:\Windows\System32\dps.dll
2007-10-19 17:44 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-10-19 17:43 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-19 17:43 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-19 17:43 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-19 17:43 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-19 17:42 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-10-19 17:42 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-10-19 17:42 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-10-19 17:42 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-10-19 17:42 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-10-19 17:42 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-10-19 17:42 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-10-19 17:42 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-10-19 17:42 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-10-19 17:42 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-10-19 17:42 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-10-19 17:42 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-10-19 17:42 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-10-19 17:42 105,984 ----a-w C:\Windows\System32\CscMig.dll
2007-10-19 17:42 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-10-19 17:42 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-10-19 16:39 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-19 16:39 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-19 16:39 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-10-19 16:39 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-19 16:28 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-10-19 16:28 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-10-19 16:28 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-10-19 16:28 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-10-19 16:27 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-10-19 16:27 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-10-19 16:27 33,624 ----a-w C:\Windows\System32\wups.dll
2007-10-19 16:27 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-10-19 16:27 163,000 ----a-w C:\Windows\System32\wuwebv.dll
.

Code:

<pre>
----a-w           949,376 2008-01-18 06:39:03  C:\Program Files\ESET\nod32kui .exe
----a-w         4,317,184 2008-01-17 17:45:37  C:\Windows\RtHDVCpl .exe
----a-w             3,584 2008-01-17 17:45:36  C:\Windows\System32\hkcmd .exe
</pre>

((((((((((((((((((((((((((((( [email protected]_19.20.51.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-19 18:18:51 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-19 18:31:59 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-07 08:27:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.da t
+ 2008-01-19 18:29:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.da t
- 2008-01-07 08:27:06 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-19 18:29:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-07 08:27:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-19 18:29:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-19 18:19:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-19 18:33:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-19 18:33:37 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-19 18:19:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-19 18:33:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-19 18:33:32 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-19 15:50:22 104,570 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-19 18:38:15 104,570 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-19 15:50:22 123,636 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-01-19 18:38:15 123,636 ----a-w C:\Windows\System32\perfc013.dat
- 2008-01-19 15:50:22 612,848 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-19 18:38:15 612,848 ----a-w C:\Windows\System32\perfh009.dat
- 2008-01-19 15:50:22 692,336 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-01-19 18:38:15 692,336 ----a-w C:\Windows\System32\perfh013.dat
- 2008-01-19 15:46:24 10,680 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1025942971-30602797-3602768030-1000_UserData.bin
+ 2008-01-19 18:33:58 11,076 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1025942971-30602797-3602768030-1000_UserData.bin
- 2008-01-19 15:46:24 51,856 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-19 18:33:58 51,872 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-19 15:46:23 48,022 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-19 18:33:57 48,160 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 06:51 1232896]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 09:47 1006264]
"RtHDVCpl"="RtHDVCpl.exe"

"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" [ ]
"HTV Agent"="C:\Program Files\HTV\HTV.exe" [ ]
"HTV Agent"="C:\Program Files\HTV\HTV .exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 08:56 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 08:56 219136]

C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mediacontrole Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-01-15 18:42:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-19 08:56 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R2 RapiMgr;Op Windows Mobile gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot

R2 WcesComm;Op Windows Mobile 2003 gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-15 15:24]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 03:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7217d408-4b04-11dc-8af3-806e6f6e6963}]
\shell\AutoRun\command - G:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 19:39:01
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-19 19:39:54
ComboFix-quarantined-files.txt 2008-01-19 18:39:51
ComboFix2.txt 2008-01-19 18:29:14
ComboFix3.txt 2008-01-19 18:21:33
.
2008-01-11 06:32:00 --- E O F ---

Tijdens het scannen van Combofix gaf mijn AVG-virusscanner, die ik er nu bij heb gezet omdat mijn eigen virusscanner het niet meer doet, 2x een melding van een threat. Die ik niet kon schonen of verwijderen. Dus kon ik alleen maar op ignore klikken.

Ik hoop dat jullie mij kunnen helpen.

**Marckie** · 20-01-08, 10:47

Je moest de hijackthislog maken na het uitvoeren van combofix.
Jij hebt deze gemaakt voor het gebruik van combofix.
Belangrijk is dat je de instructies correct uitvoert.

Open een kladblokbestand.
Kopieer de ondestaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt

Code:

FILE::
C:\Windows\wininit.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

RenV::
C:\Program Files\ESET\nod32kui .exe
C:\Windows\RtHDVCpl .exe
C:\Windows\System32\hkcmd .exe

Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
Post de inhoud van de logfile.
Maak een nieuwe hijackthislog en post deze.

**Marckie** · 20-01-08, 10:59

Heb je gebruikersaccountbeheer uitgeschakeld op deze computer.

**jolandacb** · 20-01-08, 11:47

Ja, die is uitgeschakeld. Is dat goed of juist niet?

**jolandacb** · 20-01-08, 11:48

Ik ga nu de dingen doen die je hierboven beschreven hebt.
Sorry dat ik het niet helemaal juist had gedaan.

**jolandacb** · 20-01-08, 11:57

Combofix:

ComboFix 08-01-18.5 - Beheerder 2008-01-20 11:52:24.4 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1043.18.1268 [GMT 1:00]
Gestart vanuit: D:\Desktop\ComboFix.exe
Command switches used :: D:\Desktop\CFScript.txt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE
C:\Windows\wininit.ini
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\hkcmd.exe
C:\Windows\wininit.ini

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
.

2008-01-20 11:04 . 2008-01-20 11:03 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-01-20 11:04 . 2008-01-20 11:03 298,104 --a------ C:\Windows\System32\imon.dll
2008-01-20 11:04 . 2008-01-20 11:03 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-01-20 10:59 . 2008-01-20 10:59 <DIR> d-------- C:\Users\All Users\Avg7
2008-01-20 10:59 . 2008-01-20 10:59 <DIR> d-------- C:\ProgramData\Avg7
2008-01-20 10:40 . 2008-01-17 18:09 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-01-19 19:00 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-19 17:13 . 2008-01-19 17:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-19 16:14 . 2008-01-19 16:14 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-19 16:14 . 2008-01-19 16:14 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-19 16:14 . 2008-01-19 16:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-19 15:33 . 2008-01-19 16:48 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-19 15:33 . 2008-01-19 16:48 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-01-19 14:25 . 2008-01-19 15:29 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\SUPERAntiSpyware.com
2008-01-19 14:25 . 2008-01-19 14:25 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-19 14:25 . 2008-01-19 14:25 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-19 14:25 . 2008-01-19 15:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-17 21:11 . 2008-01-17 21:11 0 --ah----- C:\ProgramData.LOG2
2008-01-17 21:11 . 2008-01-17 21:11 0 --ah----- C:\ProgramData.LOG1
2008-01-17 18:32 . 2008-01-17 18:45 4,317,184 --a------ C:\Windows\RtHDVCpl.exe
2008-01-17 18:23 . 2008-01-17 18:30 <DIR> d-------- C:\Windows\BDOSCAN8
2008-01-17 18:13 . 2008-01-17 18:13 <DIR> d-------- C:\Windows\McAfee.com
2008-01-17 17:58 . 2008-01-20 10:40 <DIR> d-------- C:\Users\Beheerder\.housecall6.6
2008-01-17 16:23 . 2004-10-07 13:39 89,088 --a------ C:\Windows\System32\atl71.dll
2008-01-17 10:31 . 2008-01-17 10:31 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\Ashampoo
2008-01-17 10:29 . 2008-01-17 10:29 <DIR> d-------- C:\Users\All Users\ashampoo
2008-01-17 10:29 . 2008-01-17 10:29 <DIR> d-------- C:\ProgramData\ashampoo
2008-01-17 10:29 . 2008-01-17 10:29 <DIR> d-------- C:\Program Files\Ashampoo
2008-01-15 19:58 . 2008-01-15 19:58 16,070 --a------ C:\Windows\System32\results.xml
2008-01-15 19:55 . 2008-01-15 19:55 <DIR> d-------- C:\Users\Beheerder\{10ee69cc-d4ee-482c-8f46-50b0ba7c9ebc}
2008-01-15 19:53 . 2008-01-15 19:53 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\Sony Corporation
2008-01-15 18:42 . 2008-01-15 18:42 <DIR> d-------- C:\Program Files\Sony
2008-01-15 18:41 . 2008-01-15 18:41 <DIR> d-------- C:\Users\All Users\Sony Corporation
2008-01-15 18:41 . 2008-01-15 18:41 <DIR> d-------- C:\ProgramData\Sony Corporation
2008-01-13 10:59 . 2008-01-13 10:59 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-01-12 09:19 . 2008-01-12 09:19 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-12 08:26 . 2008-01-12 08:26 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-01-11 13:50 . 2008-01-11 13:50 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\PCToolsFirewallPlus
2008-01-11 13:47 . 2008-01-17 21:57 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-11 13:47 . 2008-01-17 21:57 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-11 13:33 . 2008-01-19 16:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 13:32 . 2008-01-11 13:33 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\GetRightToGo
2008-01-11 13:32 . 2008-01-11 13:32 <DIR> d-------- C:\Downloads
2008-01-10 19:14 . 2008-01-17 09:59 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\LimeWirePlus
2008-01-10 19:12 . 2008-01-10 19:12 <DIR> d-------- C:\Windows\Sun
2008-01-10 19:12 . 2008-01-13 18:07 <DIR> d-------- C:\Users\All Users\Google
2008-01-10 19:12 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-01-10 19:11 . 2008-01-10 19:12 <DIR> d-------- C:\Program Files\Java
2008-01-10 19:11 . 2008-01-10 19:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 19:03 . 2008-01-12 08:27 <DIR> d-------- C:\Program Files\LimewirePlus
2008-01-10 19:03 . 2008-01-17 09:48 <DIR> d-------- C:\Program Files\LimeWire Plus
2008-01-10 16:06 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-01-10 16:06 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-01-10 16:06 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-01-10 16:06 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-01-10 16:06 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-01-10 16:06 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-01-10 16:06 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-01-10 06:53 . 2008-01-10 06:53 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 06:53 . 2008-01-10 06:53 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 06:53 . 2008-01-10 06:53 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 06:53 . 2008-01-10 06:53 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 06:53 . 2008-01-10 06:53 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 06:52 . 2008-01-10 06:52 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 06:52 . 2008-01-10 06:52 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-10 06:52 . 2008-01-10 06:52 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-10 06:52 . 2008-01-10 06:52 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-10 06:52 . 2008-01-10 06:52 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-10 06:52 . 2008-01-10 06:52 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-10 06:52 . 2008-01-10 06:52 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-10 06:52 . 2008-01-10 06:52 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-10 06:52 . 2008-01-10 06:52 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-10 06:51 . 2008-01-10 06:51 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-09 22:22 . 2008-01-09 22:22 <DIR> d--h----- C:\Windows\PIF
2008-01-09 18:39 . 2008-01-14 07:39 <DIR> d-------- C:\Program Files\Google
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Users\Beheerder\AppData\Roaming\Apple Computer
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Users\All Users\Apple
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\ProgramData\Apple Computer
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\ProgramData\Apple
2008-01-09 18:26 . 2008-01-17 13:12 <DIR> d-------- C:\Program Files\QuickTime
2008-01-09 18:26 . 2008-01-17 13:12 <DIR> d-------- C:\Program Files\iTunes
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Program Files\iPod
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-09 18:26 . 2008-01-17 06:55 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-09 18:26 . 2008-01-09 18:27 1,409 --a------ C:\Windows\QTFont.for
2008-01-08 23:18 . 2008-01-08 23:18 <DIR> d-------- C:\Program Files\DivX
2008-01-08 22:13 . 2008-01-08 22:13 <DIR> d-------- C:\Program Files\Fox
2008-01-08 22:08 . 1997-05-12 17:53 314,368 --a------ C:\Windows\uninst.exe
2008-01-08 20:57 . 2008-01-08 20:57 268 --ah----- C:\sqmdata00.sqm
2008-01-08 20:57 . 2008-01-08 20:57 244 --ah----- C:\sqmnoopt00.sqm
2008-01-08 20:29 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-01-08 20:28 . 2008-01-08 20:28 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-08 20:27 . 2008-01-08 20:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-08 20:25 . 2008-01-08 20:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-08 20:24 . 2008-01-08 20:24 <DIR> dr-h----- C:\MSOCache
2008-01-08 19:02 . 2008-01-08 20:58 <DIR> d-------- C:\Users\Beheerder\Contacts
2008-01-08 19:01 . 2008-01-08 19:01 <DIR> d-------- C:\Program Files\MSN Messenger
2008-01-08 07:14 . 2008-01-08 07:14 311,296 --a------ C:\Windows\System32\mswmdm.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 10:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-15 19:59 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-01-15 19:59 --------- d-----w C:\Program Files\Realtek
2008-01-15 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 11:06 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-10 05:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 05:58 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 05:52 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 05:52 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 05:52 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 05:52 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-08 19:28 --------- d-----w C:\Program Files\MSBuild
2008-01-05 18:20 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-05 18:20 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-05 18:20 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-01-05 18:20 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-05 18:20 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-05 18:20 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-05 18:20 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-05 18:20 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-01-05 18:20 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-05 18:20 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-01-05 18:20 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-05 18:20 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-05 18:20 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-05 18:20 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-05 18:20 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-01-05 18:20 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-01-05 18:20 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-05 18:20 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-05 18:20 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-01-05 18:20 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-05 18:19 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-05 18:19 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-05 18:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-05 18:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-05 18:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-05 18:19 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-10-25 09:26 53,248 ----a-w C:\Windows\bdoscandel.exe
2007-10-19 18:25 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-01-19_19.39.15,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-19 18:31:59 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-20 10:08:04 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-19 18:01:00 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-20 10:52:02 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-19 18:01:00 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
+ 2008-01-20 10:52:02 151,552 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
- 2008-01-19 18:01:00 1,601,536 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-20 10:52:02 1,605,632 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-19 18:01:00 1,789,952 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-20 10:52:02 1,794,048 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-19 18:33:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-20 10:09:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-20 10:09:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-19 18:33:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-20 10:09:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-20 10:09:34 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-19 18:01:23 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-20 10:52:18 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-20 10:52:18 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-01-19 18:38:15 104,570 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-20 10:12:32 104,570 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-19 18:38:15 123,636 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-01-20 10:12:32 123,636 ----a-w C:\Windows\System32\perfc013.dat
- 2008-01-19 18:38:15 612,848 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-20 10:12:32 612,848 ----a-w C:\Windows\System32\perfh009.dat
- 2008-01-19 18:38:15 692,336 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-01-20 10:12:32 692,336 ----a-w C:\Windows\System32\perfh013.dat
- 2008-01-19 18:33:58 11,076 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1025942971-30602797-3602768030-1000_UserData.bin
+ 2008-01-20 10:09:59 11,180 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1025942971-30602797-3602768030-1000_UserData.bin
- 2008-01-19 18:33:58 51,872 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-20 10:09:58 51,888 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-19 18:33:57 48,160 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-20 10:09:57 48,488 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-19 08:50:42 86,110 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-01-19 21:09:56 106,474 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 06:51 1232896]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 09:47 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 18:45 4317184 C:\Windows\RtHDVCpl.exe]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdc.exe" [ ]
"HTV Agent"="C:\Program Files\HTV\HTV.exe" [ ]
"HTV Agent"="C:\Program Files\HTV\HTV .exe" [ ]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-18 07:39 949376]

C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mediacontrole Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-01-15 18:42:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R2 RapiMgr;Op Windows Mobile gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot

R2 WcesComm;Op Windows Mobile 2003 gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-15 15:24]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 03:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 11:54:21
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-20 11:55:12
ComboFix-quarantined-files.txt 2008-01-20 10:55:10
ComboFix2.txt 2008-01-19 18:39:55
ComboFix3.txt 2008-01-19 18:29:14
ComboFix4.txt 2008-01-19 18:21:33
.
2008-01-11 06:32:00 --- E O F ---

Hijackthislog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:40, on 20-1-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV .exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5209/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6513 bytes

Bedankt voor je hulp.
Ik hoop dat ik het nu goed heb gedaan.

**Marckie** · 20-01-08, 13:14

Oorspronkelijk geplaatst door jolandacb Bekijk Berichten

Ja, die is uitgeschakeld. Is dat goed of juist niet?

Als gebruikersaccountbeheer ingeschakeld is, heeft malware heel wat minder kans op je computer en had je dit soort zaken kunnen vermijden.

Microsoft heeft dit niet voor niets geïntegreerd in Vista!

**Marckie** · 20-01-08, 13:17

Zijn er nog problemen nu?
Uitgezonderd een aantal programma's die misschien niet meer werken?

**jolandacb** · 20-01-08, 17:13

Oorspronkelijk geplaatst door Marckie Bekijk Berichten

Als gebruikersaccountbeheer ingeschakeld is, heeft malware heel wat minder kans op je computer en had je dit soort zaken kunnen vermijden.

Microsoft heeft dit niet voor niets geïntegreerd in Vista!

Ik heb overwachts een nieuwe pc moeten kopen, en daar zit dus Vista op.
Ik heb nog geen tijd gehad om me daarin te verdiepen, omdat ik naast 32 uur werken ook een man, gezin en huishouden heb bij te houden.
Weet jij wel hoe intensief dat is?
Maar ik heb hem nu ingeschakeld.

**jolandacb** · 20-01-08, 17:19

Oorspronkelijk geplaatst door Marckie Bekijk Berichten

Zijn er nog problemen nu?
Uitgezonderd een aantal programma's die misschien niet meer werken?

Ik was vanmiddag niet thuis, zal nu weer het één en ander gan proberen.
Tot dusver geen problemen meer.
Ik heb nu ad-aware er op, en Spybot. Deze 2 zal ik regelmatig laten draaien.
Is het verstandig nu ook nog Zonealarm firewall er op te doen?

En ik heb er nu weer NOD32 op.
Klopt het dat bij de handmatige scan van NOD32 ( onde de kop beveiligingsmodules) er foutmeldingen komen als:
Fout bij het scannen van de MBRsector van 3.harde schijf.

**Marckie** · 20-01-08, 19:33

Ik weet best hoe intensief een gezinsleven met een (fulltime)job kan zijn.
Ik snap alleen niet wat dit te maken met heeft met het al dan niet uitschakelen van gebruikersaccountbeheer?
Je geeft zelf aan dat je UAC uitgeschakeld hebt.
Ik wil je enkel maar waarschuwen dat je Vista-computer met gebruikersaccountbeheer (UAC) ingeschakeld, een stuk veiliger is en dat je hoogstwaarschijnlijk alle ellende had kunnen voorkomen.
ZoneAlarm mag je installeren.
Waarschijnlijk kan NOD32 de MBR van schijf drie niet lezen en geeft ie daarom een error.
Wat de oorzaak daarvan is weet ik niet.

**jolandacb** · 20-01-08, 20:53

[QUOTE=Marckie;313038]Ik weet best hoe intensief een gezinsleven met een (fulltime)job kan zijn.
Ik snap alleen niet wat dit te maken met heeft met het al dan niet uitschakelen van gebruikersaccountbeheer?
Je geeft zelf aan dat je UAC uitgeschakeld hebt.
Ik wil je enkel maar waarschuwen dat je Vista-computer met gebruikersaccountbeheer (UAC) ingeschakeld, een stuk veiliger is en dat je hoogstwaarschijnlijk alle ellende had kunnen voorkomen.
ZoneAlarm mag je installeren.
QUOTE]

Ik bedoelde het als grapje hoor, dus het was beslist niet verkeerd bedoeld.
Ik zal me wat verder verdiepen in Vista zodat ik weet hoe alles verder ingeschakeld moet zijn.
Bedankt voor al je hulp.

Groetjes Jolanda

Mededeling

Willen jullie aub naar mijn log kijken?

Willen jullie aub naar mijn log kijken?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment