  • search-daily.com

    hi,

    I've been having constant trouble with spyware lately. I can't get rid of it with programs like Ad-Aware. It often happens when I search via Google.
    It concerns the websites search-daily.com and trustedantivirus.com

    Here is my HijackThis log...
    Who can help me out?
    Thanks in advance.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:57:30, on 28-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Wesley\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8D9AA7FB-F484-4FED-89DE-DB30B85E76D6} - C:\WINDOWS\system32\audiosrvp.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    --
    End of file - 3990 bytes

  • #2
    Hello,

    Close all open windows.
    Start HijackThis again and put a check mark next to the following items:

    O2 - BHO: (no name) - {8D9AA7FB-F484-4FED-89DE-DB30B85E76D6} - C:\WINDOWS\system32\audiosrvp.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


    Then click "Fix checked" and close HijackThis.

    Restart the computer.


    Follow the instructions.
    When the tool is finished, a log file (combofix.txt) will open.
    Post the contents of this file together with a new HijackThis log.



    • #3
      ComboFix 08-02.02.5 - Wesley 2008-02-02 14:47:27.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1674 [GMT 1:00]
      Started from: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe
      * New restore point was created

      WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
      .

      (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Wesley\Application Data\macromedia\Flash Player\#SharedObjects\LNPN5BAS\iforex.com
      C:\Documents and Settings\Wesley\Application Data\macromedia\Flash Player\#SharedObjects\LNPN5BAS\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
      C:\Documents and Settings\Wesley\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
      C:\Documents and Settings\Wesley\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
      C:\WINDOWS\OPTIONS\CABS\_desktop.ini

      .
      (((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))
      .

      2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
      2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
      2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
      2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
      2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
      2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
      2008-01-21 22:48 . 2004-08-04 00:03 83,968 --a------ C:\WINDOWS\system32\audiosrvp.dll
      2008-01-21 22:48 . 19,584 C:\WINDOWS\system32\drivers\wntdksph.dat
      2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
      2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-02 13:48 231,968 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
      2008-02-02 13:48 15,486,496 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
      2008-02-02 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-02-02 13:40 25,712 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
      2008-02-02 13:40 212,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
      2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
      2008-01-22 18:38 --------- d-----w C:\Program Files\Java
      2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
      2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
      2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
      2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
      2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
      2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
      2007-12-29 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
      2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
      2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
      2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
      2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
      2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
      2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
      2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
      2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
      2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
      2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
      2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* empty entries & legitimate default entries are not shown

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D9AA7FB-F484-4FED-89DE-DB30B85E76D6}]
      2004-08-04 00:03 83968 --a------ C:\WINDOWS\system32\audiosrvp.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
      "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

      [HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
      path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
      backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
      --a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
      appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

      R0 txwcqhia;txwcqhia;C:\WINDOWS\system32\drivers\wntdksph.dat
      S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

      .
      Contents of the 'Scheduled Tasks' folder
      "2008-02-02 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
      - C:\Program Files\AdwareAlert\AdwareAlert.ex
      - C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-02 14:48:20
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      Scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2008-02-02 14:48:34
      ComboFix-quarantined-files.txt 2008-02-02 13:48:32






      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:51:31, on 2-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Wesley\Bureaublad\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {8D9AA7FB-F484-4FED-89DE-DB30B85E76D6} - C:\WINDOWS\system32\audiosrvp.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

      --
      End of file - 3799 bytes

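The ComboFix output above contains the three entries the helpers go on to deal with in the next posts: the nameless BHO loading a DLL from system32, the AppCertDlls value pointing at wsil32.dll, and a boot-start driver (txwcqhia) whose image is a .dat file under drivers\. As an added example (the editor's own script, not code from the thread, from ComboFix or from HijackThis), the Python below walks a constructed excerpt of that log and flags exactly those three persistence points while leaving the legitimate Run entry and the gdrv.sys driver alone. The rules are heuristics the editor chose; the sample text is built from lines of the posted log.

```python
"""Triage ComboFix 'Reg Startup Points' output for persistence mechanisms.

Added example by the editor; not code from the thread, from ComboFix or
from HijackThis.  The rules below are the editor's own heuristics and
SAMPLE is constructed from lines of the ComboFix log posted in the thread.
"""
import re

# Constructed excerpt of the posted ComboFix log (paths exactly as posted).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D9AA7FB-F484-4FED-89DE-DB30B85E76D6}]
2004-08-04 00:03 83968 --a------ C:\WINDOWS\system32\audiosrvp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

R0 txwcqhia;txwcqhia;C:\WINDOWS\system32\drivers\wntdksph.dat
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")  # registry key header line
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]]*?\.(?:dll|exe|dat|sys)", re.IGNORECASE)
# ComboFix driver/service line: <R|S><start type> name;display name;image path
DRIVER_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(\S+)")


def triage(log_text):
    """Return findings as dicts with 'kind', 'path' and 'why'."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        drv = DRIVER_RE.match(line)
        if drv:
            state, start_type, name, _display, image = drv.groups()
            # A kernel driver whose image is not a .sys (here a .dat under
            # drivers\) goes to the top of the list; R0 = running, boot start.
            if not image.lower().endswith(".sys"):
                findings.append({"kind": "driver", "path": image,
                                 "why": f"{state}{start_type} driver '{name}' loads a non-.sys image"})
            continue
        hit = PATH_RE.search(line)
        if not hit:
            continue
        path = hit.group(0)
        if "appcertdlls" in current_key:
            # AppCertDlls are loaded into every process started through the
            # CreateProcess family of APIs: a system-wide DLL injection point.
            findings.append({"kind": "appcertdll", "path": path,
                             "why": "AppCertDlls entry injects this DLL into new processes"})
        elif "browser helper objects" in current_key and "\\system32\\" in path.lower():
            # Vendor BHOs live under Program Files; a bare DLL in system32
            # is the entry the helpers asked to fix with HijackThis.
            findings.append({"kind": "bho", "path": path,
                             "why": "BHO loaded from system32 with no product name"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['kind']:<10}] {f['path']}  ({f['why']})")
```

Run it on the full pasted log rather than the excerpt and the same three lines come out; the `.sys` rule is the one that earns its keep, since a boot-start driver reading a `.dat` is the kind of entry an on-access scanner has already been told to tolerate.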


      • #4
        Open a Notepad file.
        Copy the code below and paste it into the Notepad file.
        Save the Notepad file as CFScript.txt
        Code:
        File::
        C:\WINDOWS\system32\drivers\wntdksph.dat

        Driver::
        txwcqhia
        Now drag the file CFScript.txt onto the file ComboFix.exe

        ComboFix will start again.
        When ComboFix is finished, which may be after a restart, a log file will open.
        Post the contents of the log file.



        • #5
          Go to this website: http://www.virustotal.com/en/indexf.html
          Have the following file scanned: C:\WINDOWS\system32\AppCert\wsil32.dll
          Post the result of the scan.



          • #6
            ComboFix 08-02.02.5 - Wesley 2008-02-02 15:19:21.2 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1653 [GMT 1:00]
            Started from: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Wesley\Bureaublad\CFScript.txt
            * New restore point was created

            WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

            FILE
            C:\WINDOWS\system32\drivers\wntdksph.dat
            .

            (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\drivers\wntdksph.dat

            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

            .
            -------\LEGACY_TXWCQHIA
            -------\txwcqhia


            (((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))
            .

            2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
            2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
            2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
            2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
            2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
            2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
            2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
            2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
            2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
            2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
            2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
            2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
            2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
            2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
            2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
            2008-01-21 22:48 . 2004-08-04 00:03 83,968 --a------ C:\WINDOWS\system32\audiosrvp.dll
            2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
            2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-02-02 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
            2008-02-02 14:20 234,272 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
            2008-02-02 14:20 15,576,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
            2008-02-02 13:40 25,712 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
            2008-02-02 13:40 212,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
            2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
            2008-01-22 18:38 --------- d-----w C:\Program Files\Java
            2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
            2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
            2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
            2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
            2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
            2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
            2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
            2007-12-29 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
            2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
            2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
            2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
            2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
            2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
            2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
            2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
            2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
            2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
            2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
            2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
            2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
            2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
            .

            ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Note* empty entries & legitimate default entries are not shown

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D9AA7FB-F484-4FED-89DE-DB30B85E76D6}]
            2004-08-04 00:03 83968 --a------ C:\WINDOWS\system32\audiosrvp.dll

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
            "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

            [HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
            path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
            backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
            --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
            --a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
            --a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            --a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
            appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

            S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

            .
            Contents of the 'Scheduled Tasks' folder
            "2008-02-02 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
            - C:\Program Files\AdwareAlert\AdwareAlert.ex
            - C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-02-02 15:21:17
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ...

            scanning hidden autostart entries ...

            scanning hidden files ...

            Scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\WINDOWS\system32\savedump.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\wdfmgr.exe
            .
            **************************************************************************
            .
            Completion time: 2008-02-02 15:22:04 - machine was rebooted
            ComboFix-quarantined-files.txt 2008-02-02 14:22:01
            ComboFix2.txt 2008-02-02 13:48:34



            • #7
              Originally posted by Marckie:
              Go to this website: http://www.virustotal.com/en/indexf.html
              Have the following file scanned: C:\WINDOWS\system32\AppCert\wsil32.dll
              Post the result of the scan.

              This file is not on my computer..
              And that website is very slow, often doesn't work, not even when uploading a file.

              I still have trouble with the website trustedantivirus.com
              And a new one just appeared out of nowhere, Alphase.net
              Last edited by wesleyvanbeek; 02-02-08, 15:37.



              • #8
                Close all your Internet Explorer windows (otherwise it won't work), and fix this one with HijackThis:
                O2 - BHO: (no name) - {8D9AA7FB-F484-4FED-89DE-DB30B85E76D6} - C:\WINDOWS\system32\audiosrvp.dll

                Restart the computer.
                Make a new HijackThis log and post it.



                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 18:49:30, on 4-2-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\RTHDCPL.EXE
                  C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\system32\HPZipm12.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Documents and Settings\Wesley\Bureaublad\HiJackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
                  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {434ECC1E-5BFC-4A59-8978-9E282E15CB68} - C:\WINDOWS\system32\audiosrvp.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                  O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
                  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
                  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

                  --
                  End of file - 4023 bytes



                  • #10
                    Make a new log with ComboFix and post it.



                    • #11
                      ComboFix 08-02.02.5 - Wesley 2008-02-04 18:57:24.3 - NTFSx86
                      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1685 [GMT 1:00]
                      Gestart vanuit: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe

                      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                      .

                      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
                      .

                      2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Hewlett-Packard
                      2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
                      2008-02-04 18:35 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
                      2008-02-04 18:35 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
                      2008-02-04 18:35 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
                      2008-02-04 18:35 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
                      2008-02-04 18:35 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
                      2008-02-04 18:35 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
                      2008-02-04 18:34 . 2008-02-04 18:34 <DIR> d-------- C:\Program Files\HP
                      2008-02-04 18:34 . 2008-02-04 18:35 112,278 --a------ C:\WINDOWS\hpoins11.dat
                      2008-02-04 18:34 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
                      2008-02-04 18:34 . 2006-05-06 09:25 6,947 --a------ C:\WINDOWS\hpomdl11.dat
                      2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
                      2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
                      2008-02-02 15:37 . 19,584 C:\WINDOWS\system32\drivers\wntdksph.dat
                      2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
                      2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                      2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
                      2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
                      2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
                      2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
                      2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
                      2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
                      2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
                      2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
                      2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
                      2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
                      2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
                      2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                      2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
                      2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
                      2008-01-21 22:48 . 2004-08-04 00:03 83,968 --a------ C:\WINDOWS\system32\audiosrvp.dll
                      2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
                      2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-02-04 17:58 260,128 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
                      2008-02-04 17:58 15,843,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
                      2008-02-04 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                      2008-02-04 17:48 28,256 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
                      2008-02-04 17:48 216,908 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
                      2008-02-04 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2008-02-04 17:14 --------- d-----w C:\Program Files\Common Files\Adobe
                      2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
                      2008-01-22 18:38 --------- d-----w C:\Program Files\Java
                      2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
                      2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                      2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
                      2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
                      2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
                      2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
                      2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
                      2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
                      2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
                      2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
                      2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
                      2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
                      2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
                      2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
                      2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
                      2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
                      2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
                      2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
                      2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
                      2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                      2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{434ECC1E-5BFC-4A59-8978-9E282E15CB68}]
                      2004-08-04 00:03 83968 --a------ C:\WINDOWS\system32\audiosrvp.dll

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
                      "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

                      [HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
                      path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
                      backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                      --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
                      --a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                      --a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                      --a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                      --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
                      appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

                      R0 txwcqhia;txwcqhia;C:\WINDOWS\system32\drivers\wntdksph.dat
                      S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

                      *Newly Created Service* - PML_DRIVER_HPZ12
                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2008-02-04 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
                      - C:\Program Files\AdwareAlert\AdwareAlert.ex
                      - C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-02-04 18:58:24
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      Voltooingstijd: 2008-02-04 18:58:38
                      ComboFix-quarantined-files.txt 2008-02-04 17:58:36
                      ComboFix2.txt 2008-02-02 14:22:05
                      ComboFix3.txt 2008-02-02 13:48:34



                      • #12
                        Open a Notepad file.
                        Copy the code below and paste it into the Notepad file.
                        Save the Notepad file as CFScript.txt
                        Code:
                        File::
                        C:\WINDOWS\system32\audiosrvp.dll
                        
                        Registry::
                        [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{434ECC1E-5BFC-4A59-8978-9E282E15CB68}]
                        Now drag the file CFScript.txt onto the file ComboFix.exe

                        ComboFix will start again.
                        When ComboFix is finished, which may be after a reboot, a log file opens.
                        Post the contents of the log file.



                        • #13
                          ComboFix 08-02.02.5 - Wesley 2008-02-04 19:30:21.4 - NTFSx86
                          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1644 [GMT 1:00]
                          Gestart vanuit: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe
                          Command switches used :: C:\Documents and Settings\Wesley\Bureaublad\CFScript.txt
                          * Nieuw herstelpunt werd aangemaakt

                          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                          FILE
                          C:\WINDOWS\system32\audiosrvp.dll
                          .

                          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                          .

                          C:\WINDOWS\system32\audiosrvp.dll . . . . konden niet verwijderd worden

                          .
                          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
                          .

                          2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Hewlett-Packard
                          2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
                          2008-02-04 18:35 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
                          2008-02-04 18:35 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
                          2008-02-04 18:35 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
                          2008-02-04 18:35 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
                          2008-02-04 18:35 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
                          2008-02-04 18:35 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
                          2008-02-04 18:34 . 2008-02-04 18:34 <DIR> d-------- C:\Program Files\HP
                          2008-02-04 18:34 . 2008-02-04 18:35 112,278 --a------ C:\WINDOWS\hpoins11.dat
                          2008-02-04 18:34 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
                          2008-02-04 18:34 . 2006-05-06 09:25 6,947 --a------ C:\WINDOWS\hpomdl11.dat
                          2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
                          2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
                          2008-02-02 15:37 . 19,584 C:\WINDOWS\system32\drivers\wntdksph.dat
                          2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
                          2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                          2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
                          2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
                          2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
                          2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
                          2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
                          2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
                          2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
                          2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
                          2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
                          2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
                          2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
                          2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                          2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
                          2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
                          2008-01-21 22:48 . 2004-08-04 00:03 83,968 --a------ C:\WINDOWS\system32\audiosrvp.dll
                          2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
                          2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2008-02-04 18:32 15,968,544 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
                          2008-02-04 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                          2008-02-04 18:31 28,808 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
                          2008-02-04 18:31 262,688 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
                          2008-02-04 18:31 219,068 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
                          2008-02-04 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
                          2008-02-04 17:14 --------- d-----w C:\Program Files\Common Files\Adobe
                          2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
                          2008-01-22 18:38 --------- d-----w C:\Program Files\Java
                          2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
                          2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                          2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
                          2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
                          2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
                          2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
                          2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
                          2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
                          2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
                          2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
                          2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
                          2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
                          2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
                          2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
                          2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
                          2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
                          2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
                          2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
                          2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
                          2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                          2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
                          .

                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          REGEDIT4
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{434ECC1E-5BFC-4A59-8978-9E282E15CB68}]
                          2004-08-04 00:03 83968 --a------ C:\WINDOWS\system32\audiosrvp.dll

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
                          "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
                          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
                          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

                          [HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
                          path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
                          backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                          --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
                          --a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                          --a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                          --a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                          --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

                          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
                          appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

                          R0 txwcqhia;txwcqhia;C:\WINDOWS\system32\drivers\wntdksph.dat
                          S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

                          .
                          Inhoud van de 'Gedeelde Taken' map
                          "2008-02-04 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
                          - C:\Program Files\AdwareAlert\AdwareAlert.ex
                          - C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
                          .
                          **************************************************************************

                          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2008-02-04 19:32:23
                          Windows 5.1.2600 Service Pack 2 NTFS

                          scannen van verborgen processen ...

                          scannen van verborgen autostart items ...

                          scannen van verborgen bestanden ...

                          Scan succesvol afgerond
                          verborgen bestanden: 0

                          **************************************************************************
                          .
                          ------------------------ Other Running Processes ------------------------
                          .
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\system32\HPZipm12.exe
                          C:\WINDOWS\system32\wdfmgr.exe
                          .
                          **************************************************************************
                          .
                          Voltooingstijd: 2008-02-04 19:33:10 - machine was rebooted
                          ComboFix-quarantined-files.txt 2008-02-04 18:33:06
                          ComboFix2.txt 2008-02-04 17:58:39
                          ComboFix3.txt 2008-02-02 14:22:05
                          ComboFix4.txt 2008-02-02 13:48:34



                          • #14
                            This way it should work:
                            Open a Notepad file.
                            Copy the code below and paste it into the Notepad file.
                            Save the Notepad file as CFScript.txt
                            Code:
                            File::
                            C:\WINDOWS\system32\audiosrvp.dll
                            C:\WINDOWS\system32\drivers\wntdksph.dat
                            
                            Registry::
                            [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{434ECC1E-5BFC-4A59-8978-9E282E15CB68}]
                            
                            Driver::
                            txwcqhia
                            Now drag the file CFScript.txt onto the file ComboFix.exe

                            ComboFix will start again.
                            When ComboFix is finished, which may be after a reboot, a log file opens.
                            Post the contents of the log file.
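Added example, not part of the thread: a small Python triage script that walks the HijackThis and ComboFix lines posted above and picks out the same items the helper's CFScript targets (the nameless BHO loading audiosrvp.dll from system32, and the R0 driver txwcqhia whose image is a .dat file in system32\drivers), flags the AppCertDlls entry for review, and renders the high-severity hits in the File::/Registry::/Driver:: layout used in this thread. The sample lines are copied from the logs above; the severity rules and the decision to leave the AppCertDlls and orphaned-CLSID entries out of the script are my own assumptions.

```python
"""Triage of HijackThis / ComboFix log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis (#9) and ComboFix (#11) logs in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {434ECC1E-5BFC-4A59-8978-9E282E15CB68} - C:\WINDOWS\system32\audiosrvp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll
R0 txwcqhia;txwcqhia;C:\WINDOWS\system32\drivers\wntdksph.dat
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]
"""

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# ComboFix driver/service line: "<start type> <service>;<display name>;<image path> [optional timestamp]"
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]+?)(?: \[.*\])?$")
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")          # REGEDIT4-style [key] header
REGVAL_RE = re.compile(r"^(?P<value>\S+) (?P<type>REG_[A-Z_]+) (?P<data>.+)$")

SYSTEM32 = "c:\\windows\\system32\\"
# Registry key the helper's Registry:: section removes the CLSID from (as in post #14).
BHO_KEY = "HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects"


@dataclass
class Finding:
    kind: str       # "bho", "driver" or "appcertdll"
    severity: str   # "high" (goes into the CFScript) or "review" (assumed rule: look before acting)
    reason: str
    path: str = ""
    clsid: str = ""
    service: str = ""


def triage(log_text: str) -> list:
    """Walk the log once and return the entries worth a second look, in log order."""
    findings = []
    section = ""  # last [key] header seen, used to give REG_* values their context
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.group("name"), m.group("clsid"), m.group("path")
            if name == "(no name)" and path == "(no file)":
                findings.append(Finding("bho", "review", "orphaned BHO CLSID with no DLL on disk", clsid=clsid))
            elif name == "(no name)" and path.lower().startswith(SYSTEM32):
                findings.append(Finding("bho", "high", "nameless BHO loading a DLL from system32",
                                        path=path, clsid=clsid))
            continue
        m = DRIVER_RE.match(line)
        if m:
            start, svc, path = m.group("start"), m.group("name"), m.group("path").strip()
            if not path.lower().endswith(".sys"):  # a kernel driver image should be a .sys file
                findings.append(Finding("driver", "high", f"{start} driver whose image is not a .sys file",
                                        path=path, service=svc))
            continue
        if section.endswith("session manager\\appcertdlls"):
            m = REGVAL_RE.match(line)
            if m:  # AppCertDlls DLLs are loaded into every process created via CreateProcess and friends
                findings.append(Finding("appcertdll", "review",
                                        "AppCertDlls entry; verify the publisher before keeping it",
                                        path=m.group("data")))
    return findings


def build_cfscript(findings) -> str:
    """Render the high-severity findings in the CFScript.txt layout used in this thread."""
    files, keys, drivers = [], [], []
    for f in findings:
        if f.severity != "high":
            continue
        if f.path:
            files.append(f.path)
        if f.kind == "bho" and f.clsid:
            keys.append(f"[-{BHO_KEY}\\{f.clsid}]")
        if f.kind == "driver" and f.service:
            drivers.append(f.service)
    blocks = []
    if files:
        blocks.append("File::\n" + "\n".join(files))
    if keys:
        blocks.append("Registry::\n" + "\n".join(keys))
    if drivers:
        blocks.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.kind}: {f.reason} {f.path or f.clsid}")
    print(build_cfscript(found))
```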



                            • #15
                              ComboFix 08-02.02.5 - Wesley 2008-02-04 20:38:31.5 - NTFSx86
                              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1662 [GMT 1:00]
                              Gestart vanuit: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe
                              Command switches used :: C:\Documents and Settings\Wesley\Bureaublad\CFScript.txt
                              * Nieuw herstelpunt werd aangemaakt

                              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                              FILE
                              C:\WINDOWS\system32\audiosrvp.dll
                              C:\WINDOWS\system32\drivers\wntdksph.dat
                              .

                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              C:\WINDOWS\system32\audiosrvp.dll
                              C:\WINDOWS\system32\drivers\wntdksph.dat

                              .
                              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                              .
                              -------\LEGACY_TXWCQHIA
                              -------\txwcqhia


                              (((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
                              .

                              2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Hewlett-Packard
                              2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
                              2008-02-04 18:35 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
                              2008-02-04 18:35 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
                              2008-02-04 18:35 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
                              2008-02-04 18:35 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
                              2008-02-04 18:35 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
                              2008-02-04 18:35 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
                              2008-02-04 18:34 . 2008-02-04 18:34 <DIR> d-------- C:\Program Files\HP
                              2008-02-04 18:34 . 2008-02-04 18:35 112,278 --a------ C:\WINDOWS\hpoins11.dat
                              2008-02-04 18:34 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
                              2008-02-04 18:34 . 2006-05-06 09:25 6,947 --a------ C:\WINDOWS\hpomdl11.dat
                              2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
                              2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
                              2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
                              2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                              2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
                              2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
                              2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
                              2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
                              2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
                              2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
                              2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
                              2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
                              2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
                              2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
                              2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
                              2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                              2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
                              2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
                              2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
                              2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2008-02-04 19:40 16,025,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
                              2008-02-04 19:39 29,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
                              2008-02-04 19:39 264,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
                              2008-02-04 19:39 219,860 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
                              2008-02-04 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                              2008-02-04 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
                              2008-02-04 17:14 --------- d-----w C:\Program Files\Common Files\Adobe
                              2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
                              2008-01-22 18:38 --------- d-----w C:\Program Files\Java
                              2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
                              2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                              2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
                              2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
                              2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
                              2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
                              2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
                              2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
                              2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
                              2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
                              2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
                              2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
                              2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
                              2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
                              2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
                              2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
                              2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
                              2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
                              2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
                              2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                              2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
                              .

                              ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              REGEDIT4
                              *Note* empty entries & legit default entries are not shown

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
                              "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
                              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
                              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

                              [HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
                              path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
                              backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                              --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
                              --a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                              --a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                              --a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                              --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

                              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
                              appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

                              S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

                              .
                              Contents of the 'Scheduled Tasks' folder
                              "2008-02-04 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
                              - C:\Program Files\AdwareAlert\AdwareAlert.ex
                              - C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
                              .
                              **************************************************************************

                              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2008-02-04 20:40:35
                              Windows 5.1.2600 Service Pack 2 NTFS

                              scanning hidden processes ...

                              scanning hidden autostart entries ...

                              scanning hidden files ...

                              scan completed successfully
                              hidden files: 0

                              **************************************************************************
                              .
                              ------------------------ Other Running Processes ------------------------
                              .
                              C:\WINDOWS\system32\Ati2evxx.exe
                              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                              C:\WINDOWS\system32\Ati2evxx.exe
                              C:\WINDOWS\system32\HPZipm12.exe
                              C:\WINDOWS\system32\wdfmgr.exe
                              .
                              **************************************************************************
                              .
                              Completion time: 2008-02-04 20:41:28 - machine was rebooted
                              ComboFix-quarantined-files.txt 2008-02-04 19:41:24
                              ComboFix2.txt 2008-02-04 18:33:11
                              ComboFix3.txt 2008-02-04 17:58:39
                              ComboFix4.txt 2008-02-02 14:22:05
                              ComboFix5.txt 2008-02-02 13:48:34
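The log above is the place to confirm that each target in the CFScript from post #14 was actually removed, and to scan what is still loading at boot. Below is an added example of that check, written for this thread; it is not ComboFix code and not part of either post. The two constants are trimmed excerpts of the CFScript and the log above (with the log's section headers in English; the Dutch headers ComboFix printed on this machine are accepted too). The REVIEW_KEYS notes are this example's own opinion of which autostart locations deserve a closer look, not a finding about this machine.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote for it.

Added example for this thread, not ComboFix code. CFSCRIPT and COMBOFIX_LOG
are trimmed excerpts of posts #14 and #15; the REVIEW_KEYS text is this
example's own assessment of which autostart locations to examine first.
"""
import re

CFSCRIPT = r"""File::
C:\WINDOWS\system32\audiosrvp.dll
C:\WINDOWS\system32\drivers\wntdksph.dat

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{434ECC1E-5BFC-4A59-8978-9E282E15CB68}]

Driver::
txwcqhia
"""

COMBOFIX_LOG = r"""(((((((((((((((( Other Deletions ))))))))))))))))
.

C:\WINDOWS\system32\audiosrvp.dll
C:\WINDOWS\system32\drivers\wntdksph.dat

.
(((((((((((((((( Drivers/Services ))))))))))))))))
.
-------\LEGACY_TXWCQHIA
-------\txwcqhia

(((((((((((((((( Reg Loading Points ))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll
"""

# ComboFix localizes its section headers; map the Dutch ones seen in this thread.
SECTION_ALIASES = {"Andere Verwijderingen": "Other Deletions",
                   "Reg Opstartpunten": "Reg Loading Points"}

# Autostart locations a responder reads first (this example's own notes).
REVIEW_KEYS = {
    "appcertdlls": "DLL loaded into every process that calls CreateProcess; "
                   "rarely populated on a clean XP box, so identify the DLL",
    "startupfolder": "Startup-folder item disabled via msconfig; the file is "
                     "still on disk, check who made it",
}


def parse_cfscript(text):
    """Return {'File': [...], 'Registry': [...], 'Driver': [...]} from a CFScript."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        header = re.fullmatch(r"\(+\s*(.+?)\s*\)+", line)
        if header:
            current = SECTION_ALIASES.get(header.group(1), header.group(1))
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def check_removals(script, log):
    """Return {CFScript target: status} based on what the log echoes back."""
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    drivers = {line.rsplit("\\", 1)[-1].lower()
               for line in log.get("Drivers/Services", []) if line.startswith("-------\\")}
    report = {}
    for path in script.get("File", []):
        report[path] = "deleted" if path.lower() in deleted else "NOT listed under Other Deletions"
    for drv in script.get("Driver", []):
        both = {drv.lower(), "legacy_" + drv.lower()} <= drivers  # service + its LEGACY_ enum key
        report[drv] = "service and LEGACY_ key removed" if both else "NOT confirmed in Drivers/Services"
    for key in script.get("Registry", []):
        report[key] = "not echoed in the log; confirm in regedit that the key is gone"
    return report


def review_autostarts(log):
    """Group Reg Loading Points values under the keys named in REVIEW_KEYS."""
    flagged, key = {}, None
    for line in log.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        for marker, why in REVIEW_KEYS.items():
            if key and marker in key.lower():
                flagged.setdefault(key, {"why": why, "values": []})["values"].append(line)
    return flagged


if __name__ == "__main__":
    script, log = parse_cfscript(CFSCRIPT), parse_log_sections(COMBOFIX_LOG)
    for target, status in check_removals(script, log).items():
        print(f"{status:<48} {target}")
    for key, info in review_autostarts(log).items():
        print(f"\nREVIEW {key}\n  {info['why']}")
        for value in info["values"]:
            print(f"  {value}")
```

Run it as-is and the two files and the txwcqhia service come back as confirmed; the BHO key comes back as unconfirmed, because this log prints nothing for the Registry:: section, so that one has to be checked by hand. The AppCertDlls and msconfig-startupfolder entries are listed for review only; deciding whether they are legitimate is still the helper's job.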
