I have already done all kinds of virus scans, but the virus remains.
I have also already run ComboFix, and the log files are below.
Moreover, I have hundreds of pos100.tmp, pos1a.tmp, pos1b.tmp, etc.
Note: I ran HijackThis in Safe Mode, because when I start it normally all kinds of Windows error messages appear and the computer sometimes reboots or shuts down by itself.
Note: I removed a large part of the pos files from this topic, because otherwise it was too large to post.
ComboFix log file:
ComboFix 08-01-23.1C - ingemare 2008-01-25 19:27:14.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.785 [GMT 1:00]
Started from: C:\Documents and Settings\ingemare\Bureaublad\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\ingemare\Application Data\macromedia\Flash Player\#SharedObjects\H8FGZ2XX\iforex.com
C:\Documents and Settings\ingemare\Application Data\macromedia\Flash Player\#SharedObjects\H8FGZ2XX\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\ingemare\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\ingemare\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\ingemare\Mijn documenten\pos24A.tmp
C:\Documents and Settings\ingemare\Mijn documenten\pos24B.tmp
C:\Documents and Settings\ingemare\Mijn documenten\pos24C.tmp
C:\Documents and Settings\ingemare\Mijn documenten\pos24D.tmp
C:\Documents and Settings\ingemare\Mijn documenten\pos24E.tmp
C:\Documents and Settings\ingemare\Mijn documenten\pos24F.tmp
C:\Documents and Settings\ingemare\Mijn documenten\pos250.tmp
C:\Documents and Settings\ingemare\Mijn documenten\pos251.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE04.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE05.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE06.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE07.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE08.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE09.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE0A.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE0B.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE0C.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE0D.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE0E.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE0F.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE10.tmp
C:\Documents and Settings\ingemare\Mijn documenten\posE11.tmp
C:\posD87.tmp
C:\posD88.tmp
C:\posD89.tmp
C:\posD8A.tmp
C:\posD8B.tmp
C:\posD8C.tmp
C:\posD8D.tmp
C:\posD8E.tmp
C:\posD8F.tmp
C:\posD9.tmp
C:\posD90.tmp
C:\posD91.tmp
C:\posD92.tmp
C:\posD93.tmp
C:\posD94.tmp
C:\posD95.tmp
C:\posD96.tmp
C:\posD97.tmp
C:\posD98.tmp
C:\posD99.tmp
C:\posD9A.tmp
C:\posD9B.tmp
C:\posD9C.tmp
C:\posD9D.tmp
C:\posD9E.tmp
C:\posD9F.tmp
C:\posDA.tmp
C:\posDA0.tmp
C:\posDA1.tmp
C:\posDA2.tmp
C:\posDA3.tmp
C:\posDA4.tmp
C:\posDA5.tmp
C:\posDA6.tmp
C:\posDA7.tmp
C:\posDA8.tmp
C:\posDA9.tmp
C:\posDAA.tmp
C:\posDAB.tmp
C:\posDAC.tmp
C:\posDAD.tmp
C:\posDAE.tmp
C:\posDAF.tmp
C:\posDB.tmp
C:\posDC.tmp
C:\posDD.tmp
C:\posDE.tmp
C:\posDF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE1.tmp
C:\posE2.tmp
C:\posE3.tmp
C:\posE4.tmp
C:\posE5.tmp
C:\posE6.tmp
C:\posE7.tmp
C:\posE8.tmp
C:\posE9.tmp
C:\posEA.tmp
C:\posEB.tmp
C:\posEC.tmp
C:\posED.tmp
C:\posEE.tmp
C:\posEF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF1.tmp
C:\posF2.tmp
C:\posF3.tmp
C:\posF4.tmp
C:\posF5.tmp
C:\posF6.tmp
C:\posF7.tmp
C:\posF8.tmp
C:\posF9.tmp
C:\posFA.tmp
C:\posFB.tmp
C:\posFC.tmp
C:\posFD.tmp
C:\posFE.tmp
C:\posFF.tmp
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd .exe
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\ALCMTR .EXE
C:\WINDOWS\cookies.ini
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\RTHDCPL .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\helcvpar.dllbox
C:\WINDOWS\system32\kfyodtdr.dll
C:\WINDOWS\system32\opnopqo.dll
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\rdtdoyfk.ini
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vturp.exe
.
----- BITS: Possible infected sites -----
hxxp://javadl.sun.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
(((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))
.
2008-01-25 20:51 . 2008-01-25 20:59 19,390 ---hs---- C:\WINDOWS\system32\helcvpar.dllbox
2008-01-25 19:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 17:50 . 2008-01-25 17:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-25 17:09 . 2008-01-25 17:09 <DIR> d-------- C:\Program Files\Common Files\Application
2008-01-25 17:08 . 2008-01-25 20:46 <DIR> d-------- C:\Program Files\SPYWAREfighter
2008-01-23 16:52 . 2007-01-25 12:53 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-01-20 10:35 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-01-18 21:39 . 2008-01-18 21:39 32 --a------ C:\WINDOWS\CD_Start.INI
2008-01-09 16:12 . 2008-01-09 16:12 <DIR> d-------- C:\Program Files\IVT Corporation
2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\VST
2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 3
2007-12-30 17:57 . 2006-12-21 14:50 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 18:00 69,632 ----a-w C:\WINDOWS\ALCMTR.EXE
2008-01-25 18:00 14,396,416 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-01-25 16:15 --------- d-----w C:\Program Files\Hitman Pro
2008-01-23 15:48 --------- d-----w C:\Program Files\Elaborate Bytes
2008-01-23 12:20 --------- d-----w C:\Program Files\EA Games
2008-01-20 09:47 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-01-20 09:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-19 14:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 10:13 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-18 20:44 --------- d-----w C:\Program Files\Activision
2008-01-05 17:53 --------- d-----w C:\Program Files\PC Wizard 2007
2008-01-05 17:06 --------- d-----w C:\Program Files\SpeedFan
2007-12-05 16:08 --------- d-----w C:\Program Files\Webteh
2007-12-03 12:58 --------- d-----w C:\Program Files\LimeWire
2007-12-01 10:56 --------- d-----w C:\Program Files\DVD Flick
2007-11-30 19:45 --------- d-----w C:\Program Files\InfraRecorder
2007-11-30 17:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-30 17:29 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-30 14:12 --------- d-----w C:\Program Files\SurfRight
2007-11-26 15:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-26 15:50 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-26 14:28 --------- d-----w C:\Program Files\Electronic Arts
2007-11-25 20:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-25 20:01 --------- d-----w C:\Program Files\GameSpy
2007-11-25 19:38 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-11-19 19:28 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-07 14:36 3,403,473,876 ----a-w C:\Program Files\ccd-set6.mdf
2007-11-06 12:57 4,848 ----a-w C:\Program Files\ccd-set6.mds
2006-10-26 22:26 271 --sh--w C:\Program Files\desktop.ini
2006-10-26 22:26 21,952 ---ha-w C:\Program Files\folder.htt
2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-01-25 12:47 163904 --a------ C:\WINDOWS\system32\helcvpar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cfa238ea-108d-4bf4-af62-75030b98492e}]
2007-01-25 12:47 76352 --a------ C:\WINDOWS\system32\echxacsm.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\Studiosindala\EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-25 19:00 14396416 C:\WINDOWS\RTHDCPL.EXE]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [ ]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
C:\Documents and Settings\Administrator.INGMAR\Menu Start\Programma's\Opstarten\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-10-26 21:16:26 1976056]
C:\Documents and Settings\ingemare\Menu Start\Programma's\Opstarten\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-10-26 21:16:26 1976056]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
Sweex WiFi LAN 140 Nitro XM Utility.lnk - C:\Program Files\Sweex WiFi LAN 140 Nitro XM Utility\WlanUtl.exe [2006-10-26 19:35:20 794624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\helcvpar]
helcvpar.dll 2007-01-25 12:47 163904 C:\WINDOWS\system32\helcvpar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
winmqx32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winowl32]
winowl32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OSI Kernel DebugMon]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 22:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-01-25 19:00 219520 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
--a------ 2004-04-26 16:21 270336 C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaretakerNotifier]
C:\Program Files\SurfRight\Caretaker\Notifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 2005-11-03 08:22 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 2005-11-03 08:26 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 2005-11-03 08:25 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-25 11:01 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 15:24 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\vturp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
C:\WINDOWS\system32\drvxub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-25 19:00 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-30 18:51 7630848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-30 18:51 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-30 18:51 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSI KDebug]
C:\DOCUME~1\ingemare\LOCALS~1\Temp\_temp_netspool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 13:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-26 20:35 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDConfig]
--a------ 2003-04-23 18:30 184320 C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CaretakerUpdate"=2 (0x2)
"CaretakerSvc"=2 (0x2)
"CaretakerProxy"=2 (0x2)
"CaretakerAntispam"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"SDhelper"=3 (0x3)
"pr2akt6c"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NOD32krn"=2 (0x2)
R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys [2007-06-08 18:29]
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys [2007-06-08 18:28]
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys [2007-06-08 18:28]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2007-09-19 13:06]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2007-11-24 10:51]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
R2 OSI Kernel DebugMon;OSI Kernel DebugMon;C:\DOCUME~1\ingemare\LOCALS~1\Temp\svchost.sys [2007-06-05 17:57]
R3 SWXG3021;Sweex 802.11g XG302 SP1 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-10-20 07:40]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-04-26 13:32]
S3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS [2002-10-30 10:43]
S4 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe"
S4 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe"
S4 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe"
S4 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe"
S4 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c14cf32-3398-11dc-b2fb-00160a007a88}]
\Shell\AutoRun\command - E:\Exe\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec6edde-c9b5-11dc-b49b-001583b3d077}]
\Shell\AutoRun\command - E:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a2c8280-b58c-11db-b2e3-00160a007a88}]
\Shell\AutoRun\command - E:\Exe\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a23343b0-3393-11dc-b2fa-00160a007a88}]
\Shell\AutoRun\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be94de16-2f0c-11dc-b2ed-00160a007a88}]
\Shell\AutoRun\command - E:\Exe\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce445d18-7af9-11db-b0ff-00160a007a88}]
\Shell\AutoRun\command - E:\Exe\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8a-c9b1-11dc-b499-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8b-c9b1-11dc-b499-001583b3d077}]
\Shell\AutoRun\command - G:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7f5421a-c9c2-11dc-b49f-001583b3d077}]
\Shell\AutoRun\command - G:\RunGame.exe
*Newly Created Service* - PCANDIS5
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 20:59:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\Studiosindala\\EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P42 \"\\\\Studiosindala\\EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\helcvpar.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\helcvpar.dll
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2008-01-25 21:08:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 20:08:07
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd .exe ---> QooBox
C:\Program Files\Alwil Software\Avast4\ashDisp .exe ---> QooBox
C:\Program Files\Common Files\Real\Update_OB\realsched .exe ---> QooBox
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---> QooBox
C:\Program Files\Messenger\msmsgs .exe ---> QooBox
C:\WINDOWS\ALCMTR .EXE ---> QooBox
C:\WINDOWS\RTHDCPL .EXE ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
----a-w 171,464 2008-01-25 11:24:08 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 98,304 2007-01-23 18:30:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE .EXE
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 22:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-01-25 19:00 219520 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
--a------ 2004-04-26 16:21 270336 C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaretakerNotifier]
C:\Program Files\SurfRight\Caretaker\Notifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 2005-11-03 08:22 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 2005-11-03 08:26 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 2005-11-03 08:25 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-25 11:01 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 15:24 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\vturp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
C:\WINDOWS\system32\drvxub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-25 19:00 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-30 18:51 7630848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-30 18:51 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-30 18:51 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSI KDebug]
C:\DOCUME~1\ingemare\LOCALS~1\Temp\_temp_netspool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 13:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-26 20:35 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDConfig]
--a------ 2003-04-23 18:30 184320 C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CaretakerUpdate"=2 (0x2)
"CaretakerSvc"=2 (0x2)
"CaretakerProxy"=2 (0x2)
"CaretakerAntispam"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"SDhelper"=3 (0x3)
"pr2akt6c"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NOD32krn"=2 (0x2)
R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys [2007-06-08 18:29]
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys [2007-06-08 18:28]
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys [2007-06-08 18:28]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2007-09-19 13:06]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2007-11-24 10:51]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
R2 OSI Kernel DebugMon;OSI Kernel DebugMon;C:\DOCUME~1\ingemare\LOCALS~1\Temp\svchost.sys [2007-06-05 17:57]
R3 SWXG3021;Sweex 802.11g XG302 SP1 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-10-20 07:40]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys

S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-04-26 13:32]
S3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS [2002-10-30 10:43]
S4 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe"

S4 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe"

S4 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe"

S4 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe"

S4 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c14cf32-3398-11dc-b2fb-00160a007a88}]
\Shell\AutoRun\command - E:\Exe\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec6edde-c9b5-11dc-b49b-001583b3d077}]
\Shell\AutoRun\command - E:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a2c8280-b58c-11db-b2e3-00160a007a88}]
\Shell\AutoRun\command - E:\Exe\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a23343b0-3393-11dc-b2fa-00160a007a88}]
\Shell\AutoRun\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be94de16-2f0c-11dc-b2ed-00160a007a88}]
\Shell\AutoRun\command - E:\Exe\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce445d18-7af9-11db-b0ff-00160a007a88}]
\Shell\AutoRun\command - E:\Exe\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8a-c9b1-11dc-b499-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8b-c9b1-11dc-b499-001583b3d077}]
\Shell\AutoRun\command - G:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7f5421a-c9c2-11dc-b49f-001583b3d077}]
\Shell\AutoRun\command - G:\RunGame.exe
*Newly Created Service* - PCANDIS5
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 20:59:44
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\Studiosindala\\EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P42 \"\\\\Studiosindala\\EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\helcvpar.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\helcvpar.dll
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Voltooingstijd: 2008-01-25 21:08:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 20:08:07