Trojan Vundo

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Trojan Vundo

    Hey

    I've been troubled by Trojan Vundo lately.
    Symantec also reports Trojan Vundo every time, but it doesn't remove it.
    Not even when I downloaded the remover from the Symantec site.
    My PC is also running a lot slower now: startup is sluggish, opening My Computer is sluggish, MSN freezes often, and I often get pop-ups from "spot the 3 differences". ( http://www.mt50.nl/acties/NL/kerstman/index.php?afid=79&zanpid=1070378956517018625 ) <<<

    Hardware:

    System Information
    ------------------
    Time of this report: 2/1/2008, 17:35:36
    Machine name: JURRIAAN2000
    Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp_sp2_gdr.070227-2254)
    Language: English (Regional Setting: Dutch)
    System Manufacturer: System manufacturer
    System Model: System Product Name
    BIOS: BIOS Date: 10/15/07 15:44:45 Ver: 08.00.12
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+, MMX, 3DNow (2 CPUs), ~3.0GHz
    Memory: 1024MB RAM
    Page File: 529MB used, 1930MB available
    Windows Dir: C:\WINDOWS
    DirectX Version: DirectX 9.0c (4.09.0000.0904)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:38:00, on 1-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20696)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Programs\SYMANT~1\VPTray.exe
    C:\Programs\A4Tech\Mouse\Amoumain.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\windows\system32\kmwdw64p.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Programs\Symantec AntiVirus\DefWatch.exe
    C:\NVIDIA\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programs\Symantec AntiVirus\Rtvscan.exe
    D:\Programs\RealVNC\winvnc4.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ocntnlwb.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Installs\Install's\utorrent.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Programs\foobar2000\foobar2000.exe
    C:\Documents and Settings\Hispis\Desktop\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\Programs\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\Programs\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [amd_dc_opt] D:\Programs\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [f8a79a09] rundll32.exe "C:\WINDOWS\system32\ggibrqpe.dll",b
    O4 - HKLM\..\Run: [{79-9A-AA-A6-DW}] C:\windows\system32\kmwdw64p.exe DWoli5
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ocntnlwb.exe DWoli5
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Programs\Zilla\PopUpKiller\ZillaPop.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntnlwb.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\kmwdw64p.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programs\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\NVIDIA\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programs\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programs\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Programs\RealVNC\winvnc4.exe

    --
    End of file - 7787 bytes

    Please help me.

    Regards, Jurriaan
    )._________'
    / ////_______I - - I-->>
    ) /(_)
    /__/
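The HijackThis log above is what a helper reads by eye; as an added example that is not part of the original post, here is a small Python triage script that runs the same first-pass checks over a handful of lines copied from that log. The heuristics it applies (an eight-character, vowel-poor filename in system32, rundll32 calling a single-letter export, a Run value whose name is bare hex or a GUID look-alike, a Startup-folder shortcut pointing into system32, and a browser proxy on 127.0.0.1) are assumptions of this example, not HijackThis's own logic and not anything Symantec reported.

```python
"""Triage of HijackThis O4/R1 entries for Vundo-style indicators (added example)."""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Sample input: a subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [f8a79a09] rundll32.exe "C:\WINDOWS\system32\ggibrqpe.dll",b
O4 - HKLM\..\Run: [{79-9A-AA-A6-DW}] C:\windows\system32\kmwdw64p.exe DWoli5
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ocntnlwb.exe DWoli5
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntnlwb.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<rest>.*)$")
RUNKEY_RE = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^Startup: (?P<lnk>.+?) = (?P<cmd>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll)\b', re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUNDLL_SINGLE_EXPORT_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+\.dll"?,[A-Za-z]$', re.IGNORECASE)
LOCAL_PROXY_RE = re.compile(r"ProxyServer = (?:127\.0\.0\.1|localhost):\d+")


def looks_random(stem: str) -> bool:
    """Heuristic (assumption of this example): Vundo-style dropped files tend to be
    eight lowercase alphanumerics with very few vowels, e.g. ggibrqpe, kmwdw64p."""
    return (re.fullmatch(r"[a-z0-9]{8}", stem) is not None
            and sum(ch in "aeiou" for ch in stem) <= 2)


def analyze_entry(line: str) -> list[str]:
    """Return the reasons one HijackThis line deserves a closer look (empty if none)."""
    reasons: list[str] = []
    m = LINE_RE.match(line)
    if not m:
        return reasons
    kind, rest = m["kind"], m["rest"]

    if kind == "R1" and LOCAL_PROXY_RE.search(rest):
        reasons.append("browser traffic proxied through a local port; identify the listening process")
        return reasons
    if kind != "O4":
        return reasons  # O23 services and other sections are out of scope for this example

    if (s := STARTUP_RE.match(rest)):
        cmd = s["cmd"]
        if "\\system32\\" in cmd.lower():
            reasons.append(f"Startup-folder shortcut {s['lnk']} launches a file in system32")
    elif (r := RUNKEY_RE.match(rest)):
        name, cmd = r["name"], r["cmd"]
        if re.fullmatch(r"[0-9a-f]{8}", name):
            reasons.append(f"Run value name {name!r} is a bare hex string")
        if name.startswith("{") and not GUID_RE.fullmatch(name):
            reasons.append(f"Run value name {name!r} imitates a GUID but is not one")
        if RUNDLL_SINGLE_EXPORT_RE.search(cmd):
            reasons.append("rundll32 loads a DLL and calls a single-letter export")
    else:
        return reasons

    # Every executable/DLL path in the command gets the random-name check.
    for path in PATH_RE.findall(cmd):
        p = PureWindowsPath(path)
        if any(part.lower() == "system32" for part in p.parts) and looks_random(p.stem):
            reasons.append(f"random-looking filename {p.name} in system32")
    return reasons


def analyze(log_text: str) -> list[tuple[str, list[str]]]:
    """Run analyze_entry over every non-empty line; keep only lines with findings."""
    findings: list[tuple[str, list[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = analyze_entry(line)
            if reasons:
                findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in analyze(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Treat hits as leads, not verdicts. The 127.0.0.1:8100 proxy could just as well belong to a local ad filter such as the Zilla Popup Killer listed under HKCU\Run in the same log, so confirm with `netstat -ano` which process owns the port before touching the setting, and an eight-letter vowel-poor name will occasionally match a legitimate binary, so check the file's creation time and hash before deleting anything.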

  • #2
    Download Combofix to your Desktop.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while running Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components Combofix uses as suspicious and will block or delete them!
    • Double-click Combofix.exe
      Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
      While the fix is running, do NOT click in the window, as this will make your PC hang.


    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next reply together with a new HijackThis log.
    Regards,
    Pimmerd



    • #3
      Hey, thanks for your quick reply,

      I didn't have to press "1" or "Enter"??
      Also, when I came back from downstairs I got a blue screen with an error, something about Kernel, although when it restarted a log did appear

      ComboFix 08-02.01.6 - Hispis 2008-02-01 17:57:46.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.455 [GMT 1:00]
      Running from: C:\Documents and Settings\Hispis\Desktop\ComboFix.exe

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\jkkjhff.dll
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\Documents and Settings\Hispis\Start Menu\Programs\Startup\Deewoo.lnk
      C:\Documents and Settings\Hispis\Start Menu\Programs\Startup\DW_Start.lnk
      C:\WINDOWS\adaway.lic
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\awtss.dll
      C:\WINDOWS\system32\epqrbigg.ini
      C:\WINDOWS\system32\ggibrqpe.dll
      C:\WINDOWS\system32\hivnyuex.dll
      C:\WINDOWS\system32\jkkjhff.dll
      C:\WINDOWS\system32\lxrsenss.dll
      C:\WINDOWS\system32\lywgcgjt.dll
      C:\WINDOWS\system32\msnav32.ax
      C:\WINDOWS\system32\pqtss.bak2
      C:\WINDOWS\system32\pqtss.ini
      C:\WINDOWS\system32\rrqss.ini
      C:\WINDOWS\system32\sstqp.dll
      C:\WINDOWS\system32\sstwa.bak1
      C:\WINDOWS\system32\sstwa.ini
      C:\WINDOWS\system32\tjgcgwyl.ini
      C:\WINDOWS\system32\winpfz37.sys
      C:\WINDOWS\system32\zxdnt3d.cfg

      ----- BITS: Possible infected sites -----

      hxxp://au.download.windowsupdate.com
      .
      ((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
      .

      2008-02-01 17:48 . 2008-02-01 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
      2008-01-30 17:32 . 2002-03-04 12:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
      2008-01-30 17:32 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
      2008-01-30 17:32 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
      2008-01-30 17:32 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
      2008-01-30 17:20 . 2008-01-30 17:20 49,188 --a------ C:\WINDOWS\system32\kmwdw64p.exe
      2008-01-30 17:07 . 2008-01-30 17:07 200,774 --a------ C:\WINDOWS\system32\ocntnlwb.exe
      2008-01-30 17:07 . 2008-01-30 17:07 49,167 --a------ C:\WINDOWS\system32\rwwdw64d.exe
      2008-01-30 16:50 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
      2008-01-30 16:50 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
      2008-01-30 16:21 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
      2008-01-27 14:51 . 2008-01-27 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-27 01:15 . 2008-01-30 15:49 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\VMware
      2008-01-27 01:01 . 2008-01-30 15:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
      2008-01-27 00:57 . 2008-01-30 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
      2008-01-27 00:30 . 2008-01-27 00:30 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
      2008-01-27 00:24 . 2008-01-27 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
      2008-01-27 00:16 . 2008-01-27 00:16 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\DAEMON Tools
      2008-01-26 23:21 . 2008-01-26 23:21 <DIR> d-------- C:\myspacepicstorrent
      2008-01-26 15:06 . 2008-01-26 15:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
      2008-01-26 15:06 . 2008-01-26 15:06 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
      2008-01-26 15:06 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
      2008-01-26 15:06 . 2008-01-26 15:06 376 --a------ C:\WINDOWS\ODBC.INI
      2008-01-26 15:05 . 2008-01-26 15:05 <DIR> d-------- C:\Program Files\Microsoft.NET
      2008-01-26 15:04 . 2008-01-26 15:04 <DIR> dr-h----- C:\MSOCache
      2008-01-23 18:12 . 2008-01-23 18:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-01-23 18:12 . 2008-01-23 18:12 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-01-21 16:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
      2008-01-20 15:12 . 2008-01-30 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-19 20:21 . 2008-01-19 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-01-11 01:29 . 2008-01-11 01:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
      2008-01-10 18:09 . 2008-01-10 18:09 <DIR> d-------- C:\WINDOWS\solcache
      2008-01-10 18:01 . 2008-01-10 18:13 <DIR> d-------- C:\Program Files\Sierra On-Line
      2008-01-10 18:01 . 1998-10-30 23:21 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
      2008-01-10 18:01 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
      2008-01-10 18:01 . 1998-10-30 23:21 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
      2008-01-10 18:01 . 2008-01-10 18:09 344 --a------ C:\WINDOWS\SIERRA.INI
      2008-01-10 15:33 . 2007-10-11 00:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-01-10 15:33 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-01-10 15:33 . 2007-07-01 04:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-01-10 15:33 . 2007-10-11 00:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-01-10 15:33 . 2007-10-11 00:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-01-10 15:33 . 2007-10-11 00:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-01-10 15:33 . 2007-10-11 00:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
      2008-01-10 15:33 . 2007-10-11 00:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-01-10 15:33 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-01-09 18:35 . 2007-02-28 10:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
      2008-01-09 18:35 . 2007-02-28 10:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
      2008-01-09 18:35 . 2007-02-28 09:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
      2008-01-09 18:35 . 2007-02-28 09:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
      2008-01-09 18:33 . 2006-06-14 09:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
      2008-01-09 18:33 . 2006-06-14 10:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
      2008-01-09 18:33 . 2006-06-14 09:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
      2008-01-09 18:26 . 2006-06-01 19:47 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
      2008-01-09 18:26 . 2006-06-01 19:47 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
      2008-01-09 18:02 . 2008-01-30 17:40 <DIR> d-------- C:\WINDOWS\system32\NtmsData
      2008-01-09 17:38 . 2007-11-14 16:51 524,288 --a------ C:\WINDOWS\M2V-ASUS-2001.ROM
      2008-01-09 17:36 . 2008-01-09 17:38 428,804 --a------ C:\WINDOWS\M2V2001.zip
      2008-01-09 17:30 . 2005-03-09 14:53 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
      2008-01-09 17:29 . 2008-01-09 17:29 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\InstallShield
      2008-01-09 17:14 . 2008-01-09 17:14 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\SystemRequirementsLab
      2008-01-09 17:13 . 2006-05-05 10:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
      2008-01-08 23:57 . 2008-02-01 18:07 1,073,037,312 --a------ C:\WINDOWS\MEMORY.DMP
      2008-01-08 23:24 . 2004-08-04 02:07 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
      2008-01-08 23:23 . 2004-08-04 02:07 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
      2008-01-08 23:22 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
      2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
      2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
      2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
      2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
      2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
      2008-01-08 23:21 . 2008-01-08 23:21 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
      2008-01-08 23:20 . 2004-08-04 02:07 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
      2008-01-08 23:06 . 2004-08-04 02:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
      2008-01-08 23:06 . 2004-08-04 02:07 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
      2008-01-08 23:06 . 2004-08-04 02:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
      2008-01-08 23:06 . 2004-08-04 02:07 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
      2008-01-08 22:04 . 2007-06-24 08:42 8,231,936 --a------ C:\WINDOWS\system32\wmploc.backup
      2008-01-08 22:04 . 2007-10-11 00:47 1,832,960 --a------ C:\WINDOWS\system32\inetcpl.backup
      2008-01-08 22:04 . 2007-06-24 08:39 1,497,088 --a------ C:\WINDOWS\system32\shdocvw.backup
      2008-01-08 22:04 . 2007-06-24 08:38 1,022,976 --a------ C:\WINDOWS\system32\browseui.backup
      2008-01-08 22:04 . 2004-08-04 00:56 514,560 --a------ C:\WINDOWS\system32\logonui.backup
      2008-01-08 22:04 . 2007-10-11 00:47 105,984 --a------ C:\WINDOWS\system32\url.backup
      2008-01-08 22:04 . 2006-06-14 21:29 54,689 --a------ C:\WINDOWS\system32\VIPicon.ico
      2008-01-08 22:04 . 2006-08-02 15:01 138 --a------ C:\WINDOWS\system32\VIPuninstall.bat
      2008-01-08 22:02 . 2007-06-24 08:39 985,088 --a------ C:\WINDOWS\system32\setupapi.backup
      2008-01-08 22:00 . 2008-01-09 17:06 <DIR> d-------- C:\WINDOWS\VIPv3
      2008-01-08 22:00 . 2003-06-22 12:31 65,536 --a------ C:\WINDOWS\system32\vbalProgBar6.ocx
      2008-01-08 22:00 . 2006-08-15 23:21 96 --a------ C:\WINDOWS\docs.ini
      2008-01-08 20:13 . 2008-01-08 20:13 <DIR> d-------- C:\Documents and Settings\Hispis\WINDOWS
      2008-01-08 20:13 . 2000-07-21 12:45 303,619 --a------ C:\WINDOWS\uninst.exe
      2008-01-08 19:50 . 2008-01-08 19:50 <DIR> d-------- C:\Documents and Settings\Hispis\LimeWire Store Purchased
      2008-01-07 17:47 . 2008-01-30 17:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-01 17:01 --------- d-----w C:\Documents and Settings\Hispis\Application Data\foobar2000
      2008-02-01 16:54 --------- d-----w C:\Documents and Settings\Hispis\Application Data\uTorrent
      2008-01-30 16:40 --------- d-----w C:\Program Files\MSN Messenger
      2008-01-30 16:39 --------- d-----w C:\Documents and Settings\Hispis\Application Data\Ventrilo
      2008-01-30 16:39 --------- d-----w C:\Documents and Settings\Hispis\Application Data\SolidWorks
      2008-01-30 16:39 --------- d-----w C:\Documents and Settings\Hispis\Application Data\DWGeditor
      2008-01-26 23:09 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2008-01-19 15:14 --------- d-----w C:\Documents and Settings\Hispis\Application Data\Xfire
      2008-01-15 13:47 --------- d-----w C:\Documents and Settings\Hispis\Application Data\Hamachi
      2008-01-09 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
      2008-01-09 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-04 17:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2008-01-04 17:20 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
      2007-12-29 16:33 --------- d-----w C:\Program Files\NVIDIA nTune Performance Application
      2007-12-29 13:10 --------- d-----w C:\Documents and Settings\Hispis\Application Data\IGN_DLM
      2007-12-27 21:47 --------- d-----w C:\Documents and Settings\Hispis\Application Data\teamspeak2
      2007-12-25 20:10 --------- d--h--w C:\Documents and Settings\Hispis\Application Data\ijjigame
      2007-12-25 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2007-12-24 17:27 --------- d-----w C:\Program Files\foobar2000
      2007-12-23 12:54 --------- d-----w C:\Program Files\Common Files\Adobe
      2007-12-23 12:53 --------- d-----w C:\Program Files\SolidWorks Installation Manager
      2007-12-23 12:53 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
      2007-12-16 15:15 2,208 ----a-w C:\WINDOWS\system32\drivers\nxsIO32.sys
      2007-12-12 16:25 426,691 ----a-w C:\WINDOWS\M2V1603.zip
      2007-12-09 19:08 --------- d-----w C:\Documents and Settings\Hispis\Application Data\GetRightToGo
      2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
      2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
      2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
      2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
      2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
      2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
      2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
      2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
      2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
      2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
      2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
      2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
      2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
      2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
      2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
      2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
      2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
      2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
      2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
      2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
      2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
      2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
      2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
      2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
      2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
      2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
      2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
      2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
      2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
      2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
      2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
      2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
      2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
      2007-11-22 23:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
      2007-11-22 23:44 22,328 ----a-w C:\Documents and Settings\Hispis\Application Data\PnkBstrK.sys
      2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-08-08 16:06 561,556 --sha-w C:\WINDOWS\system32\xdydclpm.ini.ren
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
      "Zilla Popup Killer"="C:\Programs\Zilla\PopUpKiller\ZillaPop.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 14:52 48752]
      "vptray"="C:\Programs\SYMANT~1\VPTray.exe" [2005-04-17 11:30 85184]
      "WheelMouse"="C:\Programs\A4Tech\Mouse\Amoumain.exe" [2006-02-17 10:14 163840]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
      "amd_dc_opt"="D:\Programs\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
      "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
      "{79-9A-AA-A6-DW}"="c:\windows\system32\rwwdw64d.exe" [2008-01-30 17:07 49167]
      "PC Pitstop Optimize2 Reminder"="C:\Programs\Optimize2\Reminder.exe" [2008-01-31 13:54 145648]
      "ExploreUpdSched"="C:\WINDOWS\system32\ocntnlwb.exe" [2008-01-30 17:07 200774]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "ShowDeskFix"="regsvr32 /s /n /i:u shell32"
      "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
      -ra------ 2005-05-03 11:43 69632 C:\WINDOWS\ALCMTR.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
      D:\Programs\DAEMON Tools\daemon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
      D:\Programs\DAEMON Tools Pro\DTProAgent.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      C:\WINDOWS\system32\dumprep 0 -k

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
      -ra------ 2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a--c--- 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIPv3_Auto_Update]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

      R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2007-12-16 16:15]
      R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-29 18:41]
      S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 09:27]
      S3 hitmanpro2;Hitman Pro 2 Driver;D:\Programs\Hitman Pro\hitmanpro2.sys
      S3 Moufiltr;Mouse Test Driver;C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 14:13]
      S3 MouseCap;MouseCapture Driver;C:\WINDOWS\system32\Drivers\MouseCap.sys [2005-08-08 13:44]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-01 18:07:49
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\savedump.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Programs\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Programs\SYMANT~1\VPTray.exe
      C:\Programs\A4Tech\Mouse\Amoumain.exe
      C:\NVIDIA\nTune\nTuneService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      c:\windows\system32\rwwdw64d.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Programs\Symantec AntiVirus\DoScan.exe
      C:\Programs\Symantec AntiVirus\Rtvscan.exe
      D:\Programs\RealVNC\winvnc4.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\ocntnlwb.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2008-02-01 18:09:58 - machine was rebooted [Hispis]
      ComboFix-quarantined-files.txt 2008-02-01 17:09:19
      .
      2008-01-12 17:30:50 --- E O F ---

NEW HIJACKTHIS REPORT

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:14:26, on 1-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.20696)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Programs\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Programs\SYMANT~1\VPTray.exe
      C:\Programs\A4Tech\Mouse\Amoumain.exe
      C:\NVIDIA\nTune\nTuneService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\ctfmon.exe
      c:\windows\system32\rwwdw64d.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Programs\Symantec AntiVirus\Rtvscan.exe
      D:\Programs\RealVNC\winvnc4.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\ocntnlwb.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Hispis\Desktop\HiJackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - D:\Programs\VirtualCamera\VirtualCameraMenuSwap.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\Programs\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [WheelMouse] C:\Programs\A4Tech\Mouse\Amoumain.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [amd_dc_opt] D:\Programs\AMD\Dual-Core Optimizer\amd_dc_opt.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [{79-9A-AA-A6-DW}] c:\windows\system32\rwwdw64d.exe DWoli5
      O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Programs\Optimize2\Reminder.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Programs\Zilla\PopUpKiller\ZillaPop.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
      O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntnlwb.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
      O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programs\Symantec AntiVirus\DefWatch.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\NVIDIA\nTune\nTuneService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programs\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programs\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Programs\RealVNC\winvnc4.exe

      --
      End of file - 7826 bytes


      • #4
Open Notepad, then copy and paste the following (the bold text) into an empty window:

        File::
        C:\WINDOWS\system32\kmwdw64p.exe
        C:\WINDOWS\system32\ocntnlwb.exe
        C:\WINDOWS\system32\rwwdw64d.exe

        Registry::
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "{79-9A-AA-A6-DW}"=-
        "ExploreUpdSched"=-
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:



This will make ComboFix restart.
Reboot when you are asked to,
and post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
Regards,
Pimmerd

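A way to check a CFScript like the one above against the HijackThis logs in this thread, as an added example that is not code from the thread, ComboFix or HijackThis: it parses the File:: and Registry:: sections, reports log lines that still reference a targeted file or Run value, and flags executables whose path differs from a targeted file by one character (the logs here show kmwdw64p.exe gone but kmwdw64j.exe running, which an exact match misses). The sample log excerpts are constructed from lines quoted in the thread; the near-miss check is my own heuristic, not a ComboFix feature.

```python
# Added example (not code from the thread, ComboFix or HijackThis): parse the
# CFScript posted above and check HijackThis log excerpts for what it targets.
import re

# Registry hive names used in CFScript keys -> HijackThis abbreviations.
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

# Constructed sample inputs, built from lines quoted in the thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\kmwdw64p.exe
C:\WINDOWS\system32\ocntnlwb.exe
C:\WINDOWS\system32\rwwdw64d.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{79-9A-AA-A6-DW}"=-
"ExploreUpdSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"""

# Excerpt in the spirit of the HijackThis log posted before the fix ...
HJT_BEFORE = r"""
c:\windows\system32\rwwdw64d.exe
C:\WINDOWS\system32\ocntnlwb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{79-9A-AA-A6-DW}] c:\windows\system32\rwwdw64d.exe DWoli5
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntnlwb.exe
"""

# ... and after it: the targets are gone, but a one-letter sibling of kmwdw64p.exe runs.
HJT_AFTER = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system32\kmwdw64j.exe
C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_cfscript(text):
    """Return files, (key, value) pairs deleted with "name"=- and keys deleted with [-KEY]."""
    files, reg_values, reg_keys = [], [], []
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                  # section header: File:: / Registry::
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            files.append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                reg_keys.append(line[2:-1])      # [-KEY] deletes the whole key
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]         # [KEY] selects the key for the values below it
            else:
                m = re.fullmatch(r'"([^"]+)"=-', line)
                if m and current_key:            # "name"=- deletes one value under current_key
                    reg_values.append((current_key, m.group(1)))
    return {"files": files, "reg_values": reg_values, "reg_keys": reg_keys}


def find_residue(script, hjt_log):
    """HijackThis lines that still reference a targeted file or a targeted Run value.

    Keys deleted with [-KEY] are msconfig bookkeeping that HijackThis does not list,
    so they are not checked here.
    """
    files = [f.lower() for f in script["files"]]
    values = set()
    for key, name in script["reg_values"]:
        hive = key.split("\\", 1)[0].upper()
        values.add((HIVES.get(hive, hive), name.lower()))
    hits = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        low = line.lower()
        # O4 lines look like:  O4 - HKLM\..\Run: [name] command
        m = re.match(r"O4 - (HK[A-Z]+)\\\.\.\\Run: \[([^\]]+)\]", line)
        if any(f in low for f in files) or (m and (m.group(1), m.group(2).lower()) in values):
            hits.append(line)
    return hits


def find_near_misses(script, hjt_log, max_diff=1):
    """Executables whose path differs from a targeted file in at most max_diff characters.

    Heuristic (my own assumption): same-length paths compared by Hamming distance,
    which catches a renamed sibling such as kmwdw64p.exe -> kmwdw64j.exe.
    """
    targets = [f.lower() for f in script["files"]]
    found = set()
    for raw in hjt_log.splitlines():
        for path in re.findall(r"[a-z]:\\[^\s\[\]]+\.exe", raw, flags=re.I):
            p = path.lower()
            for t in targets:
                if p != t and len(p) == len(t) and sum(a != b for a, b in zip(p, t)) <= max_diff:
                    found.add(path)
    return sorted(found)
```

Running `find_residue` on the before excerpt returns the four lines that name the targeted files or Run value; on the after excerpt it returns nothing, while `find_near_misses` still flags kmwdw64j.exe.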


        • #5
Here are the ComboFix log and the HijackThis log

          ComboFix 08-02.01.6 - Hispis 2008-02-01 22:46:21.3 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.486 [GMT 1:00]
          Running from: C:\Documents and Settings\Hispis\Desktop\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Hispis\Desktop\CFScript.txt
          * Created a new restore point

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

          FILE
          C:\WINDOWS\system32\kmwdw64p.exe
          C:\WINDOWS\system32\ocntnlwb.exe
          C:\WINDOWS\system32\rwwdw64d.exe
          .

          ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
          C:\Documents and Settings\Hispis\Start Menu\Programs\Startup\Deewoo.lnk
          C:\WINDOWS\system32\msnav32.ax
          C:\WINDOWS\system32\ocntnlwb.exe
          C:\WINDOWS\system32\winpfz37.sys
          C:\WINDOWS\system32\zxdnt3d.cfg

          ----- BITS: Possible infected sites -----

          hxxp://au.download.windowsupdate.com
          .
          ((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
          .

          2008-02-01 21:49 . 2008-02-01 21:49 90 --ahs---- C:\WINDOWS\klif.spi
          2008-02-01 21:21 . 2008-02-01 21:46 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
          2008-02-01 21:21 . 2008-02-01 21:21 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
          2008-02-01 21:12 . 2008-02-01 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
          2008-02-01 20:35 . 2008-02-01 22:57 1,944,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
          2008-02-01 20:35 . 2008-02-01 22:55 22,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
          2008-02-01 20:35 . 2008-02-01 21:42 3,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
          2008-02-01 20:35 . 2008-02-01 21:42 2,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
          2008-02-01 20:29 . 2008-02-01 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
          2008-02-01 18:38 . 2008-02-01 18:38 49,174 --a------ C:\WINDOWS\system32\kmwdw64j.exe
          2008-02-01 17:48 . 2008-02-01 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
          2008-01-30 17:32 . 2002-03-04 12:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
          2008-01-30 17:32 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
          2008-01-30 17:32 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
          2008-01-30 17:32 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
          2008-01-30 16:50 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
          2008-01-30 16:50 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
          2008-01-30 16:21 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
          2008-01-27 14:51 . 2008-01-27 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-27 01:15 . 2008-01-30 15:49 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\VMware
          2008-01-27 01:01 . 2008-01-30 15:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
          2008-01-27 00:57 . 2008-01-30 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
          2008-01-27 00:30 . 2008-01-27 00:30 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
          2008-01-27 00:24 . 2008-01-27 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
          2008-01-27 00:16 . 2008-01-27 00:16 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\DAEMON Tools
          2008-01-26 15:06 . 2008-01-26 15:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
          2008-01-26 15:06 . 2008-01-26 15:06 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
          2008-01-26 15:06 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
          2008-01-26 15:06 . 2008-01-26 15:06 376 --a------ C:\WINDOWS\ODBC.INI
          2008-01-26 15:05 . 2008-01-26 15:05 <DIR> d-------- C:\Program Files\Microsoft.NET
          2008-01-26 15:04 . 2008-01-26 15:04 <DIR> dr-h----- C:\MSOCache
          2008-01-23 18:12 . 2008-01-23 18:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2008-01-23 18:12 . 2008-01-23 18:12 1,409 --a------ C:\WINDOWS\QTFont.for
          2008-01-21 16:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
          2008-01-20 15:12 . 2008-01-30 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-01-19 20:21 . 2008-01-19 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
          2008-01-11 01:29 . 2008-01-11 01:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
          2008-01-10 18:09 . 2008-01-10 18:09 <DIR> d-------- C:\WINDOWS\solcache
          2008-01-10 18:01 . 2008-01-10 18:13 <DIR> d-------- C:\Program Files\Sierra On-Line
          2008-01-10 18:01 . 1998-10-30 23:21 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
          2008-01-10 18:01 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
          2008-01-10 18:01 . 1998-10-30 23:21 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
          2008-01-10 18:01 . 2008-01-10 18:09 344 --a------ C:\WINDOWS\SIERRA.INI
          2008-01-10 15:33 . 2007-10-11 00:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
          2008-01-10 15:33 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
          2008-01-10 15:33 . 2007-07-01 04:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
          2008-01-10 15:33 . 2007-10-11 00:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
          2008-01-10 15:33 . 2007-10-11 00:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
          2008-01-10 15:33 . 2007-10-11 00:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
          2008-01-10 15:33 . 2007-10-11 00:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
          2008-01-10 15:33 . 2007-10-11 00:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
          2008-01-10 15:33 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
          2008-01-09 18:35 . 2007-02-28 10:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
          2008-01-09 18:35 . 2007-02-28 10:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
          2008-01-09 18:35 . 2007-02-28 09:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
          2008-01-09 18:35 . 2007-02-28 09:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
          2008-01-09 18:33 . 2006-06-14 09:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
          2008-01-09 18:33 . 2006-06-14 10:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
          2008-01-09 18:33 . 2006-06-14 09:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
          2008-01-09 18:26 . 2006-06-01 19:47 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
          2008-01-09 18:26 . 2006-06-01 19:47 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
          2008-01-09 18:02 . 2008-01-30 17:40 <DIR> d-------- C:\WINDOWS\system32\NtmsData
          2008-01-09 17:38 . 2007-11-14 16:51 524,288 --a------ C:\WINDOWS\M2V-ASUS-2001.ROM
          2008-01-09 17:36 . 2008-01-09 17:38 428,804 --a------ C:\WINDOWS\M2V2001.zip
          2008-01-09 17:30 . 2005-03-09 14:53 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
          2008-01-09 17:29 . 2008-01-09 17:29 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\InstallShield
          2008-01-09 17:14 . 2008-01-09 17:14 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\SystemRequirementsLab
          2008-01-09 17:13 . 2006-05-05 10:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
          2008-01-08 23:57 . 2008-02-01 18:07 1,073,037,312 --a------ C:\WINDOWS\MEMORY.DMP
          2008-01-08 23:24 . 2004-08-04 02:07 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
          2008-01-08 23:23 . 2004-08-04 02:07 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
          2008-01-08 23:22 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
          2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
          2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
          2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
          2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
          2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
          2008-01-08 23:21 . 2008-01-08 23:21 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
          2008-01-08 23:20 . 2004-08-04 02:07 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
          2008-01-08 23:06 . 2004-08-04 02:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
          2008-01-08 23:06 . 2004-08-04 02:07 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
          2008-01-08 23:06 . 2004-08-04 02:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
          2008-01-08 23:06 . 2004-08-04 02:07 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
          2008-01-08 22:04 . 2007-06-24 08:42 8,231,936 --a------ C:\WINDOWS\system32\wmploc.backup
          2008-01-08 22:04 . 2007-10-11 00:47 1,832,960 --a------ C:\WINDOWS\system32\inetcpl.backup
          2008-01-08 22:04 . 2007-06-24 08:39 1,497,088 --a------ C:\WINDOWS\system32\shdocvw.backup
          2008-01-08 22:04 . 2007-06-24 08:38 1,022,976 --a------ C:\WINDOWS\system32\browseui.backup
          2008-01-08 22:04 . 2004-08-04 00:56 514,560 --a------ C:\WINDOWS\system32\logonui.backup
          2008-01-08 22:04 . 2007-10-11 00:47 105,984 --a------ C:\WINDOWS\system32\url.backup
          2008-01-08 22:04 . 2006-06-14 21:29 54,689 --a------ C:\WINDOWS\system32\VIPicon.ico
          2008-01-08 22:04 . 2006-08-02 15:01 138 --a------ C:\WINDOWS\system32\VIPuninstall.bat
          2008-01-08 22:02 . 2007-06-24 08:39 985,088 --a------ C:\WINDOWS\system32\setupapi.backup
          2008-01-08 22:00 . 2008-01-09 17:06 <DIR> d-------- C:\WINDOWS\VIPv3
          2008-01-08 22:00 . 2003-06-22 12:31 65,536 --a------ C:\WINDOWS\system32\vbalProgBar6.ocx
          2008-01-08 22:00 . 2006-08-15 23:21 96 --a------ C:\WINDOWS\docs.ini
          2008-01-08 20:13 . 2008-01-08 20:13 <DIR> d-------- C:\Documents and Settings\Hispis\WINDOWS
          2008-01-08 20:13 . 2000-07-21 12:45 303,619 --a------ C:\WINDOWS\uninst.exe
          2008-01-08 19:50 . 2008-01-08 19:50 <DIR> d-------- C:\Documents and Settings\Hispis\LimeWire Store Purchased
          2008-01-07 17:47 . 2008-01-30 17:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-01 20:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-02-01 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          2008-02-01 20:11 --------- d-----w C:\Documents and Settings\Hispis\Application Data\uTorrent
          2008-02-01 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
          2008-02-01 17:01 --------- d-----w C:\Documents and Settings\Hispis\Application Data\foobar2000
          2008-01-30 16:40 --------- d-----w C:\Program Files\MSN Messenger
          2008-01-30 16:39 --------- d-----w C:\Documents and Settings\Hispis\Application Data\Ventrilo
          2008-01-30 16:39 --------- d-----w C:\Documents and Settings\Hispis\Application Data\SolidWorks
          2008-01-30 16:39 --------- d-----w C:\Documents and Settings\Hispis\Application Data\DWGeditor
          2008-01-26 23:09 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
          2008-01-19 15:14 --------- d-----w C:\Documents and Settings\Hispis\Application Data\Xfire
          2008-01-15 13:47 --------- d-----w C:\Documents and Settings\Hispis\Application Data\Hamachi
          2008-01-09 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-04 17:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
          2008-01-04 17:20 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
          2007-12-29 16:33 --------- d-----w C:\Program Files\NVIDIA nTune Performance Application
          2007-12-29 13:10 --------- d-----w C:\Documents and Settings\Hispis\Application Data\IGN_DLM
          2007-12-27 21:47 --------- d-----w C:\Documents and Settings\Hispis\Application Data\teamspeak2
          2007-12-25 20:10 --------- d--h--w C:\Documents and Settings\Hispis\Application Data\ijjigame
          2007-12-25 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
          2007-12-24 17:27 --------- d-----w C:\Program Files\foobar2000
          2007-12-23 12:54 --------- d-----w C:\Program Files\Common Files\Adobe
          2007-12-23 12:53 --------- d-----w C:\Program Files\SolidWorks Installation Manager
          2007-12-23 12:53 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
          2007-12-17 23:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
          2007-12-17 23:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
          2007-12-16 15:15 2,208 ----a-w C:\WINDOWS\system32\drivers\nxsIO32.sys
          2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
          2007-12-12 16:25 426,691 ----a-w C:\WINDOWS\M2V1603.zip
          2007-12-09 19:08 --------- d-----w C:\Documents and Settings\Hispis\Application Data\GetRightToGo
          2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
          2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
          2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
          2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
          2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
          2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
          2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
          2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
          2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
          2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
          2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
          2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
          2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
          2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
          2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
          2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
          2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
          2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
          2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
          2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
          2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
          2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
          2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
          2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
          2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
          2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
          2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
          2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
          2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
          2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
          2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
          2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
          2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
          2007-11-22 23:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
          2007-11-22 23:44 22,328 ----a-w C:\Documents and Settings\Hispis\Application Data\PnkBstrK.sys
          2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
          2007-08-08 16:06 561,556 --sha-w C:\WINDOWS\system32\xdydclpm.ini.ren
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
          "Zilla Popup Killer"="C:\Programs\Zilla\PopUpKiller\ZillaPop.exe" [ ]
          "NVIDIA nTune"="C:\NVIDIA\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "WheelMouse"="C:\Programs\A4Tech\Mouse\Amoumain.exe" [2006-02-17 10:14 163840]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
          "amd_dc_opt"="D:\Programs\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
          "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
          "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
          "AVP"="C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "ShowDeskFix"="regsvr32 /s /n /i:u shell32"
          "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
          -ra------ 2005-05-03 11:43 69632 C:\WINDOWS\ALCMTR.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
          D:\Programs\DAEMON Tools\daemon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
          D:\Programs\DAEMON Tools Pro\DTProAgent.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
          --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
          --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
          --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
          -ra------ 2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
          --a--c--- 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIPv3_Auto_Update]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

          R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2007-12-16 16:15]
          R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-29 18:41]
          R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
          S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 09:27]
          S3 cpuz128;cpuz128;C:\DOCUME~1\Hispis\LOCALS~1\Temp\cpuz_x32.sys
          S3 hitmanpro2;Hitman Pro 2 Driver;D:\Programs\Hitman Pro\hitmanpro2.sys
          S3 Moufiltr;Mouse Test Driver;C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 14:13]
          S3 MouseCap;MouseCapture Driver;C:\WINDOWS\system32\Drivers\MouseCap.sys [2005-08-08 13:44]

          *Newly Created Service* - KL1
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-01 22:56:56
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2008-02-01 22:59:41
          ComboFix-quarantined-files.txt 2008-02-01 21:59:35
          ComboFix2.txt 2008-02-01 17:09:58
          .
          2008-01-12 17:30:50 --- E O F ---







          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 23:02:28, on 1-2-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.20696)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Programs\A4Tech\Mouse\Amoumain.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\windows\system32\kmwdw64j.exe
          C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe
          C:\NVIDIA\nTune\nTuneService.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\system32\svchost.exe
          D:\Programs\RealVNC\winvnc4.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\WINDOWS\system32\wbem\wmiapsrv.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          D:\Programs\Winamp\winamp.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Documents and Settings\Hispis\Desktop\HiJackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - D:\Programs\VirtualCamera\VirtualCameraMenuSwap.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O4 - HKLM\..\Run: [WheelMouse] C:\Programs\A4Tech\Mouse\Amoumain.exe
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [amd_dc_opt] D:\Programs\AMD\Dual-Core Optimizer\amd_dc_opt.exe
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [AVP] "C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Programs\Zilla\PopUpKiller\ZillaPop.exe
          O4 - HKCU\..\Run: [NVIDIA nTune] "C:\NVIDIA\nTune\nTuneCmd.exe" clear
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programs\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
          O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
          O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
          O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
          O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
          O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
          O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\NVIDIA\nTune\nTuneService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
          O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Programs\RealVNC\winvnc4.exe

          --
          End of file - 6822 bytes
          )._________'
          / ////_______I - - I-->>
          ) /(_)
          /__/



          • #6
            Open Notepad, copy and paste the following (the bold text) into an empty window:

            File::
            C:\WINDOWS\system32\kmwdw64j.exe

            Save this to your Desktop as CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply.
            Regards,
            Pimmerd



            • #7
              Here is the ComboFix log

              ComboFix 08-02.01.6 - Hispis 2008-02-01 23:38:55.4 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.565 [GMT 1:00]
              Running from: C:\Documents and Settings\Hispis\Desktop\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Hispis\Desktop\CFScript.txt
              * Created a new restore point

              WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

              FILE
              C:\WINDOWS\system32\kmwdw64j.exe
              .

              ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\WINDOWS\system32\kmwdw64j.exe

              .
              ((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
              .

              2008-02-01 21:49 . 2008-02-01 21:49 90 --ahs---- C:\WINDOWS\klif.spi
              2008-02-01 21:21 . 2008-02-01 21:46 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
              2008-02-01 21:21 . 2008-02-01 21:21 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
              2008-02-01 21:12 . 2008-02-01 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
              2008-02-01 20:35 . 2008-02-01 23:41 2,550,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
              2008-02-01 20:35 . 2008-02-01 23:41 25,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
              2008-02-01 20:35 . 2008-02-01 21:42 3,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
              2008-02-01 20:35 . 2008-02-01 21:42 2,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
              2008-02-01 20:29 . 2008-02-01 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
              2008-02-01 17:48 . 2008-02-01 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
              2008-01-30 17:32 . 2002-03-04 12:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
              2008-01-30 17:32 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
              2008-01-30 17:32 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
              2008-01-30 17:32 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
              2008-01-30 16:50 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
              2008-01-30 16:50 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
              2008-01-30 16:21 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
              2008-01-27 14:51 . 2008-01-27 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-01-27 01:15 . 2008-01-30 15:49 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\VMware
              2008-01-27 01:01 . 2008-01-30 15:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
              2008-01-27 00:57 . 2008-01-30 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
              2008-01-27 00:30 . 2008-01-27 00:30 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
              2008-01-27 00:24 . 2008-01-27 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
              2008-01-27 00:16 . 2008-01-27 00:16 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\DAEMON Tools
              2008-01-26 15:06 . 2008-01-26 15:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
              2008-01-26 15:06 . 2008-01-26 15:06 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
              2008-01-26 15:06 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
              2008-01-26 15:06 . 2008-01-26 15:06 376 --a------ C:\WINDOWS\ODBC.INI
              2008-01-26 15:05 . 2008-01-26 15:05 <DIR> d-------- C:\Program Files\Microsoft.NET
              2008-01-26 15:04 . 2008-01-26 15:04 <DIR> dr-h----- C:\MSOCache
              2008-01-23 18:12 . 2008-01-23 18:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2008-01-23 18:12 . 2008-01-23 18:12 1,409 --a------ C:\WINDOWS\QTFont.for
              2008-01-21 16:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
              2008-01-20 15:12 . 2008-01-30 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
              2008-01-19 20:21 . 2008-01-19 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
              2008-01-11 01:29 . 2008-01-11 01:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
              2008-01-10 18:09 . 2008-01-10 18:09 <DIR> d-------- C:\WINDOWS\solcache
              2008-01-10 18:01 . 2008-01-10 18:13 <DIR> d-------- C:\Program Files\Sierra On-Line
              2008-01-10 18:01 . 1998-10-30 23:21 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
              2008-01-10 18:01 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
              2008-01-10 18:01 . 1998-10-30 23:21 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
              2008-01-10 18:01 . 2008-01-10 18:09 344 --a------ C:\WINDOWS\SIERRA.INI
              2008-01-10 15:33 . 2007-10-11 00:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
              2008-01-10 15:33 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
              2008-01-10 15:33 . 2007-07-01 04:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
              2008-01-10 15:33 . 2007-10-11 00:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
              2008-01-10 15:33 . 2007-10-11 00:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
              2008-01-10 15:33 . 2007-10-11 00:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
              2008-01-10 15:33 . 2007-10-11 00:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
              2008-01-10 15:33 . 2007-10-11 00:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
              2008-01-10 15:33 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
              2008-01-09 18:35 . 2007-02-28 10:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
              2008-01-09 18:35 . 2007-02-28 10:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
              2008-01-09 18:35 . 2007-02-28 09:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
              2008-01-09 18:35 . 2007-02-28 09:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
              2008-01-09 18:33 . 2006-06-14 09:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
              2008-01-09 18:33 . 2006-06-14 10:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
              2008-01-09 18:33 . 2006-06-14 09:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
              2008-01-09 18:26 . 2006-06-01 19:47 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
              2008-01-09 18:26 . 2006-06-01 19:47 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
              2008-01-09 18:02 . 2008-01-30 17:40 <DIR> d-------- C:\WINDOWS\system32\NtmsData
              2008-01-09 17:38 . 2007-11-14 16:51 524,288 --a------ C:\WINDOWS\M2V-ASUS-2001.ROM
              2008-01-09 17:36 . 2008-01-09 17:38 428,804 --a------ C:\WINDOWS\M2V2001.zip
              2008-01-09 17:30 . 2005-03-09 14:53 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
              2008-01-09 17:29 . 2008-01-09 17:29 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\InstallShield
              2008-01-09 17:14 . 2008-01-09 17:14 <DIR> d-------- C:\Documents and Settings\Hispis\Application Data\SystemRequirementsLab
              2008-01-09 17:13 . 2006-05-05 10:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
              2008-01-08 23:57 . 2008-02-01 18:07 1,073,037,312 --a------ C:\WINDOWS\MEMORY.DMP
              2008-01-08 23:24 . 2004-08-04 02:07 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
              2008-01-08 23:23 . 2004-08-04 02:07 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
              2008-01-08 23:22 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
              2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
              2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
              2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
              2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
              2008-01-08 23:21 . 2008-01-08 23:21 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
              2008-01-08 23:21 . 2008-01-08 23:21 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
              2008-01-08 23:20 . 2004-08-04 02:07 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
              2008-01-08 23:06 . 2004-08-04 02:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
              2008-01-08 23:06 . 2004-08-04 02:07 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
              2008-01-08 23:06 . 2004-08-04 02:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
              2008-01-08 23:06 . 2004-08-04 02:07 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
              2008-01-08 22:04 . 2007-06-24 08:42 8,231,936 --a------ C:\WINDOWS\system32\wmploc.backup
              2008-01-08 22:04 . 2007-10-11 00:47 1,832,960 --a------ C:\WINDOWS\system32\inetcpl.backup
              2008-01-08 22:04 . 2007-06-24 08:39 1,497,088 --a------ C:\WINDOWS\system32\shdocvw.backup
              2008-01-08 22:04 . 2007-06-24 08:38 1,022,976 --a------ C:\WINDOWS\system32\browseui.backup
              2008-01-08 22:04 . 2004-08-04 00:56 514,560 --a------ C:\WINDOWS\system32\logonui.backup
              2008-01-08 22:04 . 2007-10-11 00:47 105,984 --a------ C:\WINDOWS\system32\url.backup
              2008-01-08 22:04 . 2006-06-14 21:29 54,689 --a------ C:\WINDOWS\system32\VIPicon.ico
              2008-01-08 22:04 . 2006-08-02 15:01 138 --a------ C:\WINDOWS\system32\VIPuninstall.bat
              2008-01-08 22:02 . 2007-06-24 08:39 985,088 --a------ C:\WINDOWS\system32\setupapi.backup
              2008-01-08 22:00 . 2008-01-09 17:06 <DIR> d-------- C:\WINDOWS\VIPv3
              2008-01-08 22:00 . 2003-06-22 12:31 65,536 --a------ C:\WINDOWS\system32\vbalProgBar6.ocx
              2008-01-08 22:00 . 2006-08-15 23:21 96 --a------ C:\WINDOWS\docs.ini
              2008-01-08 20:13 . 2008-01-08 20:13 <DIR> d-------- C:\Documents and Settings\Hispis\WINDOWS
              2008-01-08 20:13 . 2000-07-21 12:45 303,619 --a------ C:\WINDOWS\uninst.exe
              2008-01-08 19:50 . 2008-01-08 19:50 <DIR> d-------- C:\Documents and Settings\Hispis\LimeWire Store Purchased
              2008-01-07 17:47 . 2008-01-30 17:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

              .
              (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-02-01 20:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
              2008-02-01 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
              2008-02-01 20:11 --------- d-----w C:\Documents and Settings\Hispis\Application Data\uTorrent
              2008-02-01 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
              2008-02-01 17:01 --------- d-----w C:\Documents and Settings\Hispis\Application Data\foobar2000
              2008-01-30 16:40 --------- d-----w C:\Program Files\MSN Messenger
              2008-01-30 16:39 --------- d-----w C:\Documents and Settings\Hispis\Application Data\Ventrilo
              2008-01-30 16:39 --------- d-----w C:\Documents and Settings\Hispis\Application Data\SolidWorks
              2008-01-30 16:39 --------- d-----w C:\Documents and Settings\Hispis\Application Data\DWGeditor
              2008-01-26 23:09 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
              2008-01-19 15:14 --------- d-----w C:\Documents and Settings\Hispis\Application Data\Xfire
              2008-01-15 13:47 --------- d-----w C:\Documents and Settings\Hispis\Application Data\Hamachi
              2008-01-09 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-01-04 17:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
              2008-01-04 17:20 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
              2007-12-29 16:33 --------- d-----w C:\Program Files\NVIDIA nTune Performance Application
              2007-12-29 13:10 --------- d-----w C:\Documents and Settings\Hispis\Application Data\IGN_DLM
              2007-12-27 21:47 --------- d-----w C:\Documents and Settings\Hispis\Application Data\teamspeak2
              2007-12-25 20:10 --------- d--h--w C:\Documents and Settings\Hispis\Application Data\ijjigame
              2007-12-25 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
              2007-12-24 17:27 --------- d-----w C:\Program Files\foobar2000
              2007-12-23 12:54 --------- d-----w C:\Program Files\Common Files\Adobe
              2007-12-23 12:53 --------- d-----w C:\Program Files\SolidWorks Installation Manager
              2007-12-23 12:53 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
              2007-12-17 23:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
              2007-12-17 23:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
              2007-12-16 15:15 2,208 ----a-w C:\WINDOWS\system32\drivers\nxsIO32.sys
              2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
              2007-12-12 16:25 426,691 ----a-w C:\WINDOWS\M2V1603.zip
              2007-12-09 19:08 --------- d-----w C:\Documents and Settings\Hispis\Application Data\GetRightToGo
              2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
              2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
              2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
              2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
              2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
              2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
              2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
              2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
              2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
              2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
              2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
              2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
              2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
              2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
              2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
              2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
              2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
              2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
              2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
              2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
              2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
              2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
              2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
              2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
              2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
              2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
              2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
              2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
              2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
              2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
              2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
              2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
              2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
              2007-11-22 23:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
              2007-11-22 23:44 22,328 ----a-w C:\Documents and Settings\Hispis\Application Data\PnkBstrK.sys
              2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
              2007-08-08 16:06 561,556 --sha-w C:\WINDOWS\system32\xdydclpm.ini.ren
              .

              ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]
              "Zilla Popup Killer"="C:\Programs\Zilla\PopUpKiller\ZillaPop.exe" [ ]
              "NVIDIA nTune"="C:\NVIDIA\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "WheelMouse"="C:\Programs\A4Tech\Mouse\Amoumain.exe" [2006-02-17 10:14 163840]
              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
              "amd_dc_opt"="D:\Programs\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
              "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
              "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
              "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
              "AVP"="C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
              "ShowDeskFix"="regsvr32 /s /n /i:u shell32"
              "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
              -ra------ 2005-05-03 11:43 69632 C:\WINDOWS\ALCMTR.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
              D:\Programs\DAEMON Tools\daemon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
              D:\Programs\DAEMON Tools Pro\DTProAgent.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
              --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
              --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
              --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
              -ra------ 2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
              --a--c--- 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIPv3_Auto_Update]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

              R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2007-12-16 16:15]
              R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-29 18:41]
              R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
              S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 09:27]
              S3 cpuz128;cpuz128;C:\DOCUME~1\Hispis\LOCALS~1\Temp\cpuz_x32.sys
              S3 hitmanpro2;Hitman Pro 2 Driver;D:\Programs\Hitman Pro\hitmanpro2.sys
              S3 Moufiltr;Mouse Test Driver;C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 14:13]
              S3 MouseCap;MouseCapture Driver;C:\WINDOWS\system32\Drivers\MouseCap.sys [2005-08-08 13:44]

              *Newly Created Service* - KL1
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-02-01 23:41:37
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              Completion time: 2008-02-01 23:43:42
              ComboFix-quarantined-files.txt 2008-02-01 22:43:40
              ComboFix2.txt 2008-02-01 21:59:42
              ComboFix3.txt 2008-02-01 17:09:58
              .
              2008-01-12 17:30:50 --- E O F ---


              If anything else needs to be done, it will have to be tomorrow, because I'm going to sleep now. Good night everyone.
              )._________'
              / ////_______I - - I-->>
              ) /(_)
              /__/



              • #8
                Your log looks good again.

                The Java software on your computer is outdated.
                Older versions have vulnerabilities that give malware the chance to install itself.
                First carry out the steps below to uninstall Java and install the newest version:
                Download Java Runtime Environment (JRE) 6u4.
                • Scroll down to: "Java Runtime Environment (JRE) 6u4".
                • Click the "Download" button on the right-hand side.
                • In the drop-down menu to the right of Platform, select Windows.
                • Check: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
                • The page will reload.
                • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
                • Close all programs that may be open - especially your web browser!
                • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
                • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                • Then click Remove or the Change/Remove button.
                • Repeat this until all older versions are gone.
                • After removing all older versions, restart your PC.
                • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


                Post een Hijackthis logfile ter controle.
                Hoe is het met je problemen?
                Groet,
                Pimmerd



                • #9
                  Hey

                  Everything is going better again, except that Internet Explorer starts quickly but searching for a page takes a long time.
                  Thanks in advance for the help.

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 13:49:47, on 2-2-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.20696)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Programs\A4Tech\Mouse\Amoumain.exe
                  C:\WINDOWS\RTHDCPL.EXE
                  C:\WINDOWS\system32\RUNDLL32.EXE
                  C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe
                  C:\NVIDIA\nTune\nTuneService.exe
                  C:\WINDOWS\system32\nvsvc32.exe
                  C:\WINDOWS\system32\PnkBstrA.exe
                  C:\WINDOWS\system32\svchost.exe
                  D:\Programs\RealVNC\winvnc4.exe
                  C:\Program Files\MSN Messenger\msnmsgr.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\wbem\wmiapsrv.exe
                  C:\Program Files\MSN Messenger\usnsvc.exe
                  D:\Programs\foobar2000\foobar2000.exe
                  C:\WINDOWS\system32\msiexec.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\Documents and Settings\Hispis\Desktop\HiJackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                  O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - D:\Programs\VirtualCamera\VirtualCameraMenuSwap.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O4 - HKLM\..\Run: [WheelMouse] C:\Programs\A4Tech\Mouse\Amoumain.exe
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [amd_dc_opt] D:\Programs\AMD\Dual-Core Optimizer\amd_dc_opt.exe
                  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [AVP] "C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe"
                  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Programs\Zilla\PopUpKiller\ZillaPop.exe
                  O4 - HKCU\..\Run: [NVIDIA nTune] "C:\NVIDIA\nTune\nTuneCmd.exe" clear
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
                  O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programs\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
                  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                  O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
                  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
                  O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                  O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
                  O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
                  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                  O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
                  O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\NVIDIA\nTune\nTuneService.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                  O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
                  O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Programs\RealVNC\winvnc4.exe

                  --
                  End of file - 6990 bytes



                  • #10
                    Hey

                    Can I throw away ComboFix and HijackThis now, or?
                    Because I read on another forum that you had to type something at "Start" > "Run", for example "combofix /f" or so.

                    Regards, Jurriaan



                    • #11
                      Start HijackThis, choose 'Do a system scan only' and tick the lines below:

                      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

                      Now close all open windows except HijackThis and click Fix Checked.

                      Uninstall ComboFix:
                      Go to Start --> Run and type: combofix /u
                      ComboFix will now be removed and a new restore point will be created.

                      Download ATF Cleaner (by Atribune)

                      Double-click ATF Cleaner to start the program.
                      On the "Main" tab, put a tick next to Select All.
                      Click the Empty Selected button.

                      Do the following if you also have Firefox as a browser:
                      Click the "Firefox" tab and put a tick next to Select All.
                      If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                      (this removes the tick next to "Firefox saved passwords")
                      Click the Empty Selected button.

                      Do the following if you also have Opera as a browser:
                      Click the "Opera" tab and put a tick next to Select All.
                      If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                      Click the Empty Selected button.
                      Go to the "Main" tab and click the Exit button to close the program.

                      How are your problems?
                      Regards,
                      Pimmerd

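As an added example (not code from this thread, from HijackThis or from ComboFix), a small Python parser for the HijackThis log format posted above that flags the two entry types the reply picks out for fixing: an O9 button whose DLL is "(no file)" and the stale KernelFaultCheck run key. The sample lines are copied from the log in this thread, and the extra "Unknown owner" service rule is my own addition.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Programs\Kaspersky Anti-Virus 7.0\avp.exe"
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")


def parse_hjt(text):
    """Return the log as a list of (section code, body) tuples; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(entries):
    """Return (code, body, reason) for entries worth a second look.

    The first two rules mirror what the reply above tells the poster to fix:
    an O9 button whose DLL is gone ('(no file)') and the stale KernelFaultCheck
    run key. The 'Unknown owner' rule is an extra check added in this example,
    not something the thread asked for.
    """
    flagged = []
    for code, body in entries:
        if body.endswith("(no file)"):
            flagged.append((code, body, "entry points to a file that no longer exists"))
        elif code == "O4" and "[KernelFaultCheck]" in body:
            flagged.append((code, body, "leftover crash-report launcher, harmless but removable"))
        elif code == "O23" and "Unknown owner" in body:
            flagged.append((code, body, "service binary has no publisher, verify where it came from"))
    return flagged


if __name__ == "__main__":
    for code, body, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```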