Help.. Lots of popups. 9 times out of 10, mobile subscription services. Also regularly a buffer overrun in Internet Explorer. I'm running Norton 2008 Internet Security.
Trojan.Vundo
Hijackthis log
Here is my HijackThis logfile.
Thanks in advance.
Julian
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:02, on 8-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\program files\CyberLink\Shared Files\RichVideo.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\VIA\RAID\raid_tool.exe
D:\program files\ASUS\PC Probe II\Probe2.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\program files\TomTom HOME 2\HOMERunner.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\program files\Messenger\msmsgs.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\setup.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\program files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skoften.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - D:\Program Files\LimewirePlus\tbLim1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - D:\Program Files\LimewirePlus\tbLim1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "D:\program files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\program files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avp] D:\WINDOWS\system32\winver.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe D:\WINDOWS\system32\drvral.dll,startup
O4 - HKLM\..\Run: [10f75bd1] rundll32.exe "D:\WINDOWS\system32\rmybjkps.dll",b
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] D:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKLM\..\RunOnce: [Winnt32RunOnceWarning] user.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\program files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] D:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\program files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8024 bytes
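What a helper looks for in the O4 section of the log above, written out as an added example that is not part of the original thread: the log shows a Run value named with a random hex string (10f75bd1), two DLLs in system32 launched through rundll32.exe with odd exports (drvral.dll,startup and rmybjkps.dll,b), and a value called avp (the name of Kaspersky's process) that actually launches winver.exe, a stock Windows binary. The script applies those three cheap heuristics to O4 lines. The sample lines are copied from the log above; the heuristics, regexes and function names are this example's own assumptions, not anything HijackThis itself does.

```python
import re
from collections import defaultdict

# Constructed sample: O4 lines copied from the HijackThis log above, benign
# entries included so the heuristics have something to leave alone.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avp] D:\WINDOWS\system32\winver.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe D:\WINDOWS\system32\drvral.dll,startup
O4 - HKLM\..\Run: [10f75bd1] rundll32.exe "D:\WINDOWS\system32\rmybjkps.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command> [(User '...')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# First executable on the command line, quoted or not, plus whatever follows it.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?\s*(?P<rest>.*)$', re.I)
# A file sitting directly in %windir%\system32 (no deeper subdirectory).
SYSTEM32_RE = re.compile(r"\\(?:windows|winnt)\\system32\\[^\\]+$", re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.I)


def load_target(cmd):
    """Return (path, export) for what a Run value really loads.

    For rundll32 the file of interest is the DLL argument and the export it
    calls; for anything else it is the executable itself and export is None.
    """
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), None
    exe, rest = m.group("exe"), m.group("rest").strip()
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        dll, _, export = rest.partition(",")
        return dll.strip().strip('"'), (export.strip() or "<default>")
    return exe, None


def triage(hjt_text):
    """Map each O4 value name to the reasons it deserves a closer look.

    Names with no reasons are left out, so an empty dict means nothing noted.
    """
    flagged = defaultdict(list)
    for line in hjt_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        path, export = load_target(m.group("cmd"))
        basename = path.rsplit("\\", 1)[-1]
        stem = basename.rsplit(".", 1)[0].lower()
        in_system32 = bool(SYSTEM32_RE.search(path))
        reasons = []
        if HEX_NAME_RE.match(name):
            reasons.append("value name looks like a random hex string")
        if export is not None and in_system32:
            reasons.append(f"rundll32 loads {basename} from system32 (export {export})")
        if in_system32 and name.lower() not in basename.lower() and stem not in name.lower():
            reasons.append(f"value name {name!r} does not match {basename} in system32")
        for r in reasons:
            if r not in flagged[name]:
                flagged[name].append(r)
    return dict(flagged)


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_O4).items():
        print(f"[{name}]")
        for r in reasons:
            print("   -", r)
```

These are triage hints, not signatures: plenty of legitimate software uses a value name unrelated to its binary, which is why the mismatch check is limited to files sitting directly in system32, where most autostarts belong to Windows itself. The winver.exe hit only becomes meaningful with the rest of the thread: the ComboFix log further down shows the same file was also granted a Windows Firewall exception.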
Download: RVAXO.exe - Save the file to your desktop, double-click it and choose "Unzip" to extract it.
- Start the computer in Safe Mode.
- Now open the RVAXO folder on your desktop and double-click RunMe.cmd
A cmd window will open, in which a few lines about files not being found will quickly scroll past; this is normal.
- An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
- Your PC will then restart; let it restart into normal mode. After the restart the RVAXO cmd window opens again.
Let it run and wait until a logfile opens: C:\RVAXO-results.log
- If your computer does not restart by itself, or the tool does not start after the reboot, do so manually.
- Post the contents of the logfile in your next reply.
Download Combofix (mirror) to your Desktop.
Double-click Combofix.exe
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
Post this log in your next reply.
NOTE: If your virus scanner responds with a message about a script being executed, you can ignore it.
Logs.
Here are the 2 logs.
I've also installed Spybot. By the way, it constantly gives notifications/questions about whether I want to allow changes. This notification really keeps going continuously.
Here are the logs.
---RVAXO.exe Updated: 2008-03-08---first run---
Uninstallers:
Files found:
D:\WINDOWS\system32\acbeg.ini2
D:\WINDOWS\system32\cbadd.ini2
D:\WINDOWS\system32\ccbeg.ini2
D:\WINDOWS\system32\fgjlm.ini2
D:\WINDOWS\system32\gjllm.ini2
D:\WINDOWS\system32\qqtss.ini2
D:\WINDOWS\system32\stutv.ini2
D:\WINDOWS\system32\vycdd.ini2
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\mcrh.tmp
Folders Found:
D:\Program Files\PlayMP3z
D:\Program Files\FBrowsingAdvisor
D:\Program Files\BrowsingTool
D:\Program Files\FBrowserAdvisor
Hosts-file was reset, If you use a custom hosts file please replace it...
--------------RVAXO.exe last run---------------
Not deleted items:
D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\AuctioneerClassic-5.0.PRE.2544.zip
D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\CT_MapMod.zip
D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\TNE_LowHealthWarning2.3.1.zip
D:\Program Files\FBrowsingAdvisor
D:\Program Files\FBrowserAdvisor
D:\Program Files\BrowsingTool
--------------RVAXO.exe finished----------------
ComboFix 08-03-07.4 - Standaard 2008-03-08 15:15:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.395 [GMT 1:00]
Started from: D:\Documents and Settings\Standaard\Bureaublad\ComboFix.exe
* New restore point was created
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Program Files\PlayMP3z
D:\Program Files\PlayMP3z\PlayMP3.exe
D:\Program Files\PlayMP3z\uninstall.exe
D:\WINDOWS\BM7f636d1f.xml
D:\WINDOWS\cookies.ini
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\acbeg.ini
D:\WINDOWS\system32\bgubilyy.dll
D:\WINDOWS\system32\bicrelai.ini
D:\WINDOWS\system32\cbadd.ini
D:\WINDOWS\system32\cbadd.ini2
D:\WINDOWS\system32\ccbeg.ini
D:\WINDOWS\system32\cruujtgu.ini
D:\WINDOWS\system32\ddabc.dll
D:\WINDOWS\system32\ecwneyll.ini
D:\WINDOWS\system32\fgjlm.ini
D:\WINDOWS\system32\gjllm.ini
D:\WINDOWS\system32\hbuujtlm.dll
D:\WINDOWS\system32\jfjphvfr.dll
D:\WINDOWS\system32\jnuvkpru.ini
D:\WINDOWS\system32\lljkjpgu.dll
D:\WINDOWS\system32\ltjxyerq.dll
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\mlljg.dll
D:\WINDOWS\system32\mltjuubh.ini
D:\WINDOWS\system32\qqtss.ini
D:\WINDOWS\system32\qreyxjtl.ini
D:\WINDOWS\system32\stutv.ini
D:\WINDOWS\system32\ugpjkjll.ini
D:\WINDOWS\system32\ugtjuurc.dll
.
(((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))
.
2008-03-08 15:03 . 2008-03-08 12:43 728,462 --a------ D:\WINDOWS\system32\RVAXO.bat
2008-03-08 15:03 . 2001-10-01 14:51 69,632 --a------ D:\WINDOWS\system32\remove.exe
2008-03-08 15:03 . 2007-07-04 20:32 16,384 --a------ D:\WINDOWS\system32\Restart.exe
2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d-------- D:\program files\Trend Micro
2008-03-07 16:45 . 2008-03-07 16:45 294 ---hs---- D:\WINDOWS\system32\hpmqjkcc.ini
2008-03-04 14:11 . 2008-03-04 14:11 414 ---hs---- D:\WINDOWS\system32\lklwcfuw.ini
2008-03-04 13:55 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-03-04 13:55 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-03-04 13:55 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 12:08 . 2008-03-04 14:05 354 ---hs---- D:\WINDOWS\system32\spkjbymr.ini
2008-03-02 11:34 . 2008-03-02 11:43 <DIR> d--hsc--- D:\program files\Common Files\WindowsLiveInstaller
2008-03-02 11:33 . 2008-03-02 11:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 16:35 . 2008-02-29 16:35 294 ---hs---- D:\WINDOWS\system32\macijdnc.ini
2008-02-28 16:28 . 2008-02-28 17:03 594 ---hs---- D:\WINDOWS\system32\swqehqqi.ini
2008-02-28 16:26 . 2008-03-02 12:05 82,713 --ahs---- D:\WINDOWS\system32\vycdd.ini
2008-02-27 19:51 . 2008-02-28 16:22 474 ---hs---- D:\WINDOWS\system32\yiloatbg.ini
2008-02-26 19:45 . 2008-02-27 19:45 354 ---hs---- D:\WINDOWS\system32\scnbslbp.ini
2008-02-26 16:45 . 2008-02-26 16:50 474 ---hs---- D:\WINDOWS\system32\qelrxusn.ini
2008-02-25 16:46 . 2008-02-26 16:36 354 ---hs---- D:\WINDOWS\system32\rdsbnwtt.ini
2008-02-24 17:39 . 2008-02-24 17:39 294 ---hs---- D:\WINDOWS\system32\yqwcqtuf.ini
2008-02-21 15:25 . 2008-02-21 18:44 354 ---hs---- D:\WINDOWS\system32\ptkujeuc.ini
2008-02-20 16:53 . 2008-02-20 22:45 1,194 ---hs---- D:\WINDOWS\system32\txigfyra.ini
2008-02-19 14:11 . 2005-05-26 15:34 2,297,552 --a------ D:\WINDOWS\system32\d3dx9_26.dll
2008-02-19 14:08 . 2008-02-19 14:11 <DIR> d--h----- D:\WINDOWS\msdownld.tmp
2008-02-19 13:48 . 2008-02-19 13:48 <DIR> d-------- D:\program files\Common Files\PocketSoft
2008-02-19 08:05 . 2008-02-20 16:47 774 ---hs---- D:\WINDOWS\system32\dyicctxk.ini
2008-02-18 17:05 . 2008-02-18 17:05 9 --a------ D:\WINDOWS\system32\10f7495f
2008-02-17 18:25 . 2008-02-17 22:42 466 ---hs---- D:\WINDOWS\system32\kifdxeog.ini
2008-02-15 18:19 . 2008-02-15 18:19 <DIR> d-------- D:\program files\FBrowsingAdvisor
2008-02-15 18:19 . 2006-04-14 23:05 9,952 --a------ D:\regxpcom.exe
2008-02-15 18:18 . 2008-02-15 18:19 <DIR> d-------- D:\program files\FBrowserAdvisor
2008-02-15 18:18 . 2008-03-08 14:58 <DIR> d-------- D:\program files\BrowsingTool
2008-02-15 18:17 . 2008-02-16 18:18 1,118 ---hs---- D:\WINDOWS\system32\wqwmrtnd.ini
2008-02-15 18:17 . 2008-02-15 18:17 586 ---hs---- D:\WINDOWS\system32\lxyexsmd.tmp
2008-02-15 16:54 . 2008-02-15 18:13 586 ---hs---- D:\WINDOWS\system32\lxyexsmd.ini
2008-02-11 17:33 . 2008-02-12 17:04 414 ---hs---- D:\WINDOWS\system32\dqficdai.ini
2008-02-10 17:34 . 2008-02-10 17:36 354 ---hs---- D:\WINDOWS\system32\mpvipvjk.ini
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 14:15 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2008-03-08 14:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-03-08 11:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-03-04 12:53 --------- d-----w D:\Program Files\MSN Messenger
2008-03-02 10:43 --------- d-----w D:\Program Files\Windows Live
2008-02-29 14:00 --------- d-----w D:\Program Files\Norton Security Scan
2008-02-26 18:51 --------- d-----w D:\Documents and Settings\Standaard\Application Data\LimeWirePlus
2008-02-19 12:48 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-02-05 16:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-05 15:46 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-02-04 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-04 21:04 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 18:58 39,936 ----a-w D:\WINDOWS\system32\byxwurr.dll
2008-02-03 18:53 --------- d-----w D:\Program Files\Ahead
2008-02-03 18:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-31 16:42 --------- d-----w D:\Program Files\LimewirePlus
2008-01-31 16:36 --------- d-----w D:\Program Files\LimeWire Plus
2008-01-31 15:49 --------- d-----w D:\Program Files\Belastingdienst
2008-01-15 08:54 10,537 ----a-w D:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 15:22 --------- d-----w D:\Program Files\TomTom HOME 2
2008-01-13 15:22 --------- d-----w D:\Documents and Settings\Standaard\Application Data\TomTom
2008-01-13 15:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\TomTom
2008-01-13 15:21 --------- d-----w D:\Documents and Settings\Standaard\Application Data\InstallShield
2008-01-12 17:32 23,904 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 16:47 --------- d-----w D:\Documents and Settings\Standaard\Application Data\Ventrilo
2008-01-10 16:42 --------- d-----w D:\Documents and Settings\Standaard\Application Data\CyberLink
2008-01-10 16:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-10 16:39 --------- d-----w D:\Program Files\CyberLink
2007-12-14 10:32 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19f60c14-0e5a-4074-9589-814d2b22f378}]
D:\WINDOWS\system32\ateiryhg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260CB3BF-8FBB-44F6-B241-CE259E91E906}]
D:\WINDOWS\system32\mljgf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}]
2008-02-03 19:58 39936 --a------ D:\WINDOWS\system32\byxwurr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
2008-01-31 17:42 1555480 --a------ D:\Program Files\LimewirePlus\tbLim1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50AEBE36-F51D-42B9-BB86-906E27EE6444}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5417D661-01BA-4CAA-865D-BC90DA93F4EF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5630279F-DA89-4065-B9CC-36053F427ECB}]
D:\WINDOWS\system32\gebca.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CFDAEA9-0C79-4C56-82E5-A68A879EDC54}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D1977A0-2989-4F08-B0F0-0FF1B98E1FF0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 16:59 116088 --a------ D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74DA7C30-2B4F-454B-9797-DF67BD0A6595}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79C96AAB-28F9-41AD-A471-EA02DE7F68E4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FE8FEDE-C254-4436-8B7B-39F624FF4E97}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A96600FB-E9B0-486E-BC97-B0B9BCC0445E}]
D:\WINDOWS\system32\sstqq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD36D282-ACDF-4C64-905E-0128DB8F22C3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd7f0e5e-a19d-4a1c-bba1-55f15151bb96}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAF0166E-780D-4457-AE9C-7263D1479663}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA0FD7CE-4E77-4BD9-A788-A8D8769696E1}]
D:\WINDOWS\system32\ddcyv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBF8BFA3-8748-43CB-9846-92B9FFC44778}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]
"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "D:\Program Files\LimewirePlus\tbLim1.dll" [2008-01-31 17:42 1555480]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= D:\Program Files\LimewirePlus\tbLim1.dll [2008-01-31 17:42 1555480]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-04 15:25 68856]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="D:\program files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"AdobeUpdater"="D:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-02 13:00 208952]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 08:00 81920 D:\WINDOWS\SOUNDMAN.EXE]
"RaidTool"="D:\Program Files\VIA\RAID\raid_tool.exe" [2005-08-12 09:38 1056768]
"Launch PC Probe II"="D:\program files\ASUS\PC Probe II\Probe2.exe" [2005-07-22 15:05 1901568]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"osCheck"="D:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
"CanonSolutionMenu"="D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 17:01 644696]
"CanonMyPrinter"="D:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]
"SSBkgdUpdate"="D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
"LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"TomTomHOME.exe"="D:\program files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"NeroCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"10f75bd1"="D:\WINDOWS\system32\rmybjkps.dll" [ ]
"avp"="D:\WINDOWS\system32\winver.exe" [2006-03-02 13:00 5632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"="D:\WINDOWS\system32\reg.exe" [2006-03-02 13:00 56832]
"Winnt32RunOnceWarning"="user.exe" [2006-03-02 13:00 47872 D:\WINDOWS\system32\user.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2860C741-8F63-45DA-B029-2B4B148AC499}"= D:\WINDOWS\system32\byxwurr.dll [2008-02-03 19:58 39936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwurr]
byxwurr.dll 2008-02-03 19:58 39936 D:\WINDOWS\system32\byxwurr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\program files\\BitLord\\BitLord.exe"=
"C:\\World of Warcraft\\BackgroundDownloader.exe"=
"D:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\program files\\Messenger\\msmsgs.exe"=
"D:\\program files\\LimeWire Plus\\LimeWire.exe"=
"D:\\WINDOWS\\system32\\winver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\program files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\program files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 IJPLMSVC;PIXMA Extended Survey Program;D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 08:20]
R2 LiveUpdate Notice;LiveUpdate Notice;"D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R3 SymIMMP;SymIMMP;D:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 COH_Mon;COH_Mon;D:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;D:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 21:25:26 D:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Standaard.job"
- D:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-01 10:11:33 D:\WINDOWS\Tasks\Norton Security Scan.job"
- D:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 15:24:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: D:\WINDOWS\system32\winlogon.exe
-> D:\WINDOWS\system32\byxwurr.dll
PROCESS: D:\WINDOWS\explorer.exe [6.00.2900.3156]
-> D:\WINDOWS\system32\byxwurr.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\program files\CyberLink\Shared Files\RichVideo.exe
D:\WINDOWS\system32\cmd.exe
.
**************************************************************************
.
Completion time: 2008-03-08 15:27:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 14:27:48
.
2008-02-13 22:24:07 --- E O F ---
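The registry dump in the ComboFix log above contains the two things worth pulling out of any such log, shown here as an added example rather than anything from the thread: which DLL is hooked into more than one load point, and which protections have been switched off. byxwurr.dll is registered as a Browser Helper Object, a ShellExecuteHook and a Winlogon\Notify package (and the "DLLs loaded under running processes" section confirms it sits inside winlogon.exe and explorer.exe), Security Center monitoring is disabled for all three entries, the Windows Firewall standard profile is off, and winver.exe, the file the Run value "avp" launches, has a firewall exception. The script parses the REGEDIT4-style section lines and reports both. The input lines are excerpted from the log above; the section classification, the allowlist of stock XP firewall exceptions and the function names are assumptions of this example, not ComboFix's own logic.

```python
import re
from collections import defaultdict

# Constructed sample: registry lines excerpted from the ComboFix log above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19f60c14-0e5a-4074-9589-814d2b22f378}]
D:\WINDOWS\system32\ateiryhg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}]
2008-02-03 19:58 39936 --a------ D:\WINDOWS\system32\byxwurr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
2008-01-31 17:42 1555480 --a------ D:\Program Files\LimewirePlus\tbLim1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50AEBE36-F51D-42B9-BB86-906E27EE6444}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2860C741-8F63-45DA-B029-2B4B148AC499}"= D:\WINDOWS\system32\byxwurr.dll [2008-02-03 19:58 39936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwurr]
byxwurr.dll 2008-02-03 19:58 39936 D:\WINDOWS\system32\byxwurr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\program files\\LimeWire Plus\\LimeWire.exe"=
"D:\\WINDOWS\\system32\\winver.exe"=
"""

# First drive- or %windir%-rooted path ending in .dll/.exe on a line.
PATH_RE = re.compile(r"(?:[a-z]:|%windir%)\\.+?\.(?:dll|exe)\b", re.I)
SYSTEM32_RE = re.compile(r"(?:\\(?:windows|winnt)|%windir%)\\system32\\[^\\]+$", re.I)
# Assumption of this example: exceptions XP creates itself (Remote Assistance,
# DirectPlay, Network Diagnostics); any other system32 binary gets reported.
STOCK_FW_EXCEPTIONS = {"sessmgr.exe", "dpvsetup.exe", "xpnetdiag.exe"}
LOAD_POINTS = ("BHO", "ShellExecuteHooks", "Winlogon\\Notify", "Run")


def section_kind(header):
    """Classify a [section] header of the dump; order matters for the firewall keys."""
    h = header.lower()
    if "browser helper objects" in h:
        return "BHO"
    if "shellexecutehooks" in h:
        return "ShellExecuteHooks"
    if "winlogon\\notify" in h:
        return "Winlogon\\Notify"
    if "currentversion\\run" in h:
        return "Run"
    if "security center\\monitoring" in h:
        return "SecurityCenter"
    if "authorizedapplications" in h:
        return "FirewallExceptions"
    if "firewallpolicy\\standardprofile" in h:
        return "FirewallProfile"
    return None


def audit(dump):
    """Return {'persistence': {dll basename: set(load points)}, 'findings': [str]}."""
    persistence = defaultdict(set)
    findings = []
    kind, header = None, ""
    for raw in dump.splitlines():
        # The firewall lists are written with doubled backslashes; normalise them.
        line = raw.strip().replace("\\\\", "\\")
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            header = line[1:-1]
            kind = section_kind(header)
            continue
        if kind in LOAD_POINTS:
            for path in PATH_RE.findall(line):
                persistence[path.rsplit("\\", 1)[-1].lower()].add(kind)
        elif kind == "SecurityCenter" and re.search(r'"DisableMonitoring"\s*=\s*dword:0*1$', line):
            findings.append(f"Security Center monitoring disabled: {header}")
        elif kind == "FirewallProfile" and re.search(r'"EnableFirewall"\s*=\s*0\b', line):
            findings.append("Windows Firewall disabled (standard profile)")
        elif kind == "FirewallExceptions":
            for path in PATH_RE.findall(line):
                base = path.rsplit("\\", 1)[-1].lower()
                if SYSTEM32_RE.search(path) and base not in STOCK_FW_EXCEPTIONS:
                    findings.append(f"firewall exception for a system32 binary: {path}")
    # One DLL hooked into several load points at once is the Vundo hallmark.
    for dll, points in sorted(persistence.items()):
        if len(points) > 1:
            findings.append(f"{dll} is registered as {' + '.join(sorted(points))}")
    return {"persistence": dict(persistence), "findings": findings}


if __name__ == "__main__":
    for f in audit(SAMPLE_DUMP)["findings"]:
        print("-", f)
```

The Winlogon\Notify hit is what matters for cleanup: a notification package is loaded by winlogon.exe when it starts, so the file is in use before any user session exists and cannot simply be deleted from normal mode, which is why the helper in this thread runs the tools from Safe Mode and through a reboot. The same correlation between a nameless BHO and a Winlogon\Notify subkey with the DLL's basename is what VirtumundoBeGone performs further down the thread.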
Download VirtumundoBegone (mirror)
Save it to your desktop.
Double-click VirtumundoBeGone.exe and follow the instructions.
Don't be alarmed if you see a blue screen with an error message; this is normal.
When the fix is finished, restart the PC.
Post the contents of the logfile VBG.TXT, which is now on your desktop, here in your next reply.
Now run RVAXO once more as well and also post the new C:\rvaxo-results.log
Here are the 2 new logs.
[03/08/2008, 16:25:16] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Standaard\Bureaublad\VirtumundoBeGone.exe" )
[03/08/2008, 16:25:26] - Detected System Information:
[03/08/2008, 16:25:26] - Windows Version: 5.1.2600, Service Pack 2
[03/08/2008, 16:25:26] - Current Username: Standaard (Admin)
[03/08/2008, 16:25:27] - Windows is in NORMAL mode.
[03/08/2008, 16:25:27] - Searching for Browser Helper Objects:
[03/08/2008, 16:25:27] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[03/08/2008, 16:25:27] - BHO 2: {19f60c14-0e5a-4074-9589-814d2b22f378} ()
[03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\ateiryhg
[03/08/2008, 16:25:27] - Key not found: HKLM\...\Winlogon\Notify\ateiryhg, continuing.
[03/08/2008, 16:25:27] - BHO 3: {260CB3BF-8FBB-44F6-B241-CE259E91E906} ()
[03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\mljgf
[03/08/2008, 16:25:27] - Key not found: HKLM\...\Winlogon\Notify\mljgf, continuing.
[03/08/2008, 16:25:27] - BHO 4: {2860C741-8F63-45DA-B029-2B4B148AC499} ()
[03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\byxwurr
[03/08/2008, 16:25:27] - Found: HKLM\...\Winlogon\Notify\byxwurr - This is probably Virtumundo.
[03/08/2008, 16:25:27] - Assigning {2860C741-8F63-45DA-B029-2B4B148AC499} MSEvents Object
[03/08/2008, 16:25:27] - BHO list has been changed! Starting over...
[03/08/2008, 16:25:27] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[03/08/2008, 16:25:27] - BHO 2: {19f60c14-0e5a-4074-9589-814d2b22f378} ()
[03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\ateiryhg
[03/08/2008, 16:25:27] - Key not found: HKLM\...\Winlogon\Notify\ateiryhg, continuing.
[03/08/2008, 16:25:27] - BHO 3: {260CB3BF-8FBB-44F6-B241-CE259E91E906} ()
[03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\mljgf
[03/08/2008, 16:25:27] - Key not found: HKLM\...\Winlogon\Notify\mljgf, continuing.
[03/08/2008, 16:25:27] - BHO 4: {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} (LimewirePlus Toolbar)
[03/08/2008, 16:25:27] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/08/2008, 16:25:27] - BHO 6: {54247F00-59B0-40DB-A9B0-D9DBEB70946C} ()
[03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\vtstr
[03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\vtstr, continuing.
[03/08/2008, 16:25:28] - BHO 7: {5630279F-DA89-4065-B9CC-36053F427ECB} ()
[03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\gebca
[03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\gebca, continuing.
[03/08/2008, 16:25:28] - BHO 8: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[03/08/2008, 16:25:28] - BHO 9: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[03/08/2008, 16:25:28] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/08/2008, 16:25:28] - BHO 11: {A96600FB-E9B0-486E-BC97-B0B9BCC0445E} ()
[03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\sstqq
[03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\sstqq, continuing.
[03/08/2008, 16:25:28] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/08/2008, 16:25:28] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/08/2008, 16:25:28] - BHO 14: {DA0FD7CE-4E77-4BD9-A788-A8D8769696E1} ()
[03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\ddcyv
[03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\ddcyv, continuing.
[03/08/2008, 16:25:28] - BHO 15: {DA0FD7CE-4E77-4BD9-A788-A8D8769696E1} ()
[03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\ddcyv
[03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\ddcyv, continuing.
[03/08/2008, 16:25:28] - Finished Searching Browser Helper Objects
[03/08/2008, 16:25:28] - Finishing up...
[03/08/2008, 16:25:28] - Nothing found! Exiting...
[03/08/2008, 16:25:49] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Standaard\Bureaublad\VirtumundoBeGone.exe" )
[03/08/2008, 16:25:52] - Detected System Information:
[03/08/2008, 16:25:52] - Windows Version: 5.1.2600, Service Pack 2
[03/08/2008, 16:25:52] - Current Username: Standaard (Admin)
[03/08/2008, 16:25:52] - Windows is in NORMAL mode.
[03/08/2008, 16:25:52] - Searching for Browser Helper Objects:
[03/08/2008, 16:25:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[03/08/2008, 16:25:52] - BHO 2: {19f60c14-0e5a-4074-9589-814d2b22f378} ()
[03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\ateiryhg
[03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\ateiryhg, continuing.
[03/08/2008, 16:25:52] - BHO 3: {260CB3BF-8FBB-44F6-B241-CE259E91E906} ()
[03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\mljgf
[03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\mljgf, continuing.
[03/08/2008, 16:25:52] - BHO 4: {2860C741-8F63-45DA-B029-2B4B148AC499} (MSEvents Object)
[03/08/2008, 16:25:52] - ALERT: Found MSEvents Object!
[03/08/2008, 16:25:52] - BHO 5: {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} (LimewirePlus Toolbar)
[03/08/2008, 16:25:52] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/08/2008, 16:25:52] - BHO 7: {54247F00-59B0-40DB-A9B0-D9DBEB70946C} ()
[03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\vtstr
[03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\vtstr, continuing.
[03/08/2008, 16:25:52] - BHO 8: {5630279F-DA89-4065-B9CC-36053F427ECB} ()
[03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\gebca
[03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\gebca, continuing.
[03/08/2008, 16:25:52] - BHO 9: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[03/08/2008, 16:25:52] - BHO 10: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[03/08/2008, 16:25:52] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/08/2008, 16:25:52] - BHO 12: {A96600FB-E9B0-486E-BC97-B0B9BCC0445E} ()
[03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\sstqq
[03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\sstqq, continuing.
[03/08/2008, 16:25:52] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/08/2008, 16:25:53] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/08/2008, 16:25:53] - BHO 15: {DA0FD7CE-4E77-4BD9-A788-A8D8769696E1} ()
[03/08/2008, 16:25:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:53] - Checking for HKLM\...\Winlogon\Notify\ddcyv
[03/08/2008, 16:25:53] - Key not found: HKLM\...\Winlogon\Notify\ddcyv, continuing.
[03/08/2008, 16:25:53] - Finished Searching Browser Helper Objects
[03/08/2008, 16:25:53] - *** Detected MSEvents Object
[03/08/2008, 16:25:53] - Trying to remove MSEvents Object...
[03/08/2008, 16:25:54] - Terminating Process: IEXPLORE.EXE
[03/08/2008, 16:25:54] - Terminating Process: RUNDLL32.EXE
[03/08/2008, 16:25:55] - Disabling Automatic Shell Restart
[03/08/2008, 16:25:55] - Terminating Process: EXPLORER.EXE
[03/08/2008, 16:25:55] - Suspending the NT Session Manager System Service
[03/08/2008, 16:25:55] - Terminating Windows NT Logon/Logoff Manager
[03/08/2008, 16:25:56] - Re-enabling Automatic Shell Restart
[03/08/2008, 16:25:56] - File to disable: D:\WINDOWS\system32\byxwurr.dll
[03/08/2008, 16:25:56] - Renaming D:\WINDOWS\system32\byxwurr.dll -> D:\WINDOWS\system32\byxwurr.dll.vir
[03/08/2008, 16:25:56] - File successfully renamed!
[03/08/2008, 16:25:56] - Removing HKLM\...\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}
[03/08/2008, 16:25:56] - Removing HKCR\CLSID\{2860C741-8F63-45DA-B029-2B4B148AC499}
[03/08/2008, 16:25:56] - Adding Kill Bit for ActiveX for GUID: {2860C741-8F63-45DA-B029-2B4B148AC499}
[03/08/2008, 16:25:56] - Deleting ATLEvents/MSEvents Registry entries
[03/08/2008, 16:25:57] - Removing HKLM\...\Winlogon\Notify\byxwurr
[03/08/2008, 16:25:57] - Searching for Browser Helper Objects:
[03/08/2008, 16:25:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[03/08/2008, 16:25:57] - BHO 2: {19f60c14-0e5a-4074-9589-814d2b22f378} ()
[03/08/2008, 16:25:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:57] - Checking for HKLM\...\Winlogon\Notify\ateiryhg
[03/08/2008, 16:25:57] - Key not found: HKLM\...\Winlogon\Notify\ateiryhg, continuing.
[03/08/2008, 16:25:57] - BHO 3: {260CB3BF-8FBB-44F6-B241-CE259E91E906} ()
[03/08/2008, 16:25:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:57] - Checking for HKLM\...\Winlogon\Notify\mljgf
[03/08/2008, 16:25:57] - Key not found: HKLM\...\Winlogon\Notify\mljgf, continuing.
[03/08/2008, 16:25:57] - BHO 4: {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} (LimewirePlus Toolbar)
[03/08/2008, 16:25:57] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/08/2008, 16:25:57] - BHO 6: {5630279F-DA89-4065-B9CC-36053F427ECB} ()
[03/08/2008, 16:25:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:57] - Checking for HKLM\...\Winlogon\Notify\gebca
[03/08/2008, 16:25:57] - Key not found: HKLM\...\Winlogon\Notify\gebca, continuing.
[03/08/2008, 16:25:58] - BHO 7: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[03/08/2008, 16:25:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:58] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[03/08/2008, 16:25:58] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[03/08/2008, 16:25:58] - BHO 8: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[03/08/2008, 16:25:58] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/08/2008, 16:25:58] - BHO 10: {A96600FB-E9B0-486E-BC97-B0B9BCC0445E} ()
[03/08/2008, 16:25:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:58] - Checking for HKLM\...\Winlogon\Notify\sstqq
[03/08/2008, 16:25:58] - Key not found: HKLM\...\Winlogon\Notify\sstqq, continuing.
[03/08/2008, 16:25:58] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/08/2008, 16:25:58] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/08/2008, 16:25:58] - BHO 13: {DA0FD7CE-4E77-4BD9-A788-A8D8769696E1} ()
[03/08/2008, 16:25:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:58] - Checking for HKLM\...\Winlogon\Notify\ddcyv
[03/08/2008, 16:25:58] - Key not found: HKLM\...\Winlogon\Notify\ddcyv, continuing.
[03/08/2008, 16:25:58] - Finished Searching Browser Helper Objects
[03/08/2008, 16:25:58] - Finishing up...
[03/08/2008, 16:25:58] - A restart is needed.
[03/08/2008, 16:26:03] - Attempting to Restart via STOP error (Blue Screen!)
---RVAXO.exe Updated: 2008-03-08---first run---
Uninstallers:
Files found:
D:\WINDOWS\system32\acbeg.ini2
D:\WINDOWS\system32\cbadd.ini2
D:\WINDOWS\system32\ccbeg.ini2
D:\WINDOWS\system32\fgjlm.ini2
D:\WINDOWS\system32\gjllm.ini2
D:\WINDOWS\system32\qqtss.ini2
D:\WINDOWS\system32\stutv.ini2
D:\WINDOWS\system32\vycdd.ini2
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\mcrh.tmp
Folders Found:
D:\Program Files\PlayMP3z
D:\Program Files\FBrowsingAdvisor
D:\Program Files\BrowsingTool
D:\Program Files\FBrowserAdvisor
Hosts-file was reset, If you use a custom hosts file please replace it...
--------------RVAXO.exe last run---------------
Not deleted items:
D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\AuctioneerClassic-5.0.PRE.2544.zip
D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\CT_MapMod.zip
D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\TNE_LowHealthWarning2.3.1.zip
D:\Program Files\FBrowsingAdvisor
D:\Program Files\FBrowserAdvisor
D:\Program Files\BrowsingTool
--------------RVAXO.exe finished----------------
-
Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.
@ECHO OFF
REM Start with a fresh log on every run
IF EXIST log.txt DEL log.txt
ECHO Deleting folders>>log.txt
REM Remove each adware folder recursively and record the outcome
FOR %%I in (
C:\Qoobox
"D:\Program Files\FBrowsingAdvisor"
"D:\Program Files\FBrowserAdvisor"
"D:\Program Files\BrowsingTool") DO (
IF EXIST %%I (
RD /S /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
ECHO.>>log.txt
ECHO Deleting files>>log.txt
REM Delete each leftover file and record the outcome
FOR %%G in (
D:\WINDOWS\system32\hpmqjkcc.ini
D:\WINDOWS\system32\lklwcfuw.ini
D:\WINDOWS\system32\spkjbymr.ini
D:\WINDOWS\system32\macijdnc.ini
D:\WINDOWS\system32\swqehqqi.ini
D:\WINDOWS\system32\vycdd.ini
D:\WINDOWS\system32\yiloatbg.ini
D:\WINDOWS\system32\scnbslbp.ini
D:\WINDOWS\system32\qelrxusn.ini
D:\WINDOWS\system32\rdsbnwtt.ini
D:\WINDOWS\system32\yqwcqtuf.ini
D:\WINDOWS\system32\ptkujeuc.ini
D:\WINDOWS\system32\txigfyra.ini
D:\WINDOWS\system32\d3dx9_26.dll
D:\WINDOWS\msdownld.tmp
D:\WINDOWS\system32\dyicctxk.ini
D:\WINDOWS\system32\10f7495f
D:\WINDOWS\system32\kifdxeog.ini
D:\WINDOWS\system32\wqwmrtnd.ini
D:\WINDOWS\system32\lxyexsmd.tmp
D:\WINDOWS\system32\lxyexsmd.ini
D:\WINDOWS\system32\dqficdai.ini
D:\WINDOWS\system32\mpvipvjk.ini) DO (
IF EXIST %%G (
DEL /Q %%G
IF EXIST %%G (
ECHO %%G not deleted>>log.txt
) ELSE (
ECHO %%G deleted>>log.txt)
) ELSE (
ECHO %%G not found>>log.txt))
START NOTEPAD.EXE log.txt
Go to File - Save As.
Under "Save in" choose: Desktop
Under "File name" enter: del.bat
Under "Save as type" select: All Files (*.*).
Click the Save button.
Double-click del.bat and post the contents of the log file that opens.
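The .ini and .ini2 files that RVAXO found, and most of the files in the del.bat list, are tied to the nameless BHO DLLs in the logs by a naming rule that is visible on this page: the data file's base name is the DLL's base name spelled backwards (vtstr.dll and rtstv.ini, gebca.dll and acbeg.ini2, rmybjkps.dll and spkjbymr.ini). The Python below is an added example, not code from RVAXO, VirtumundoBeGone, ComboFix or the helper. The path inventory is constructed from paths that appear in this thread, with mucltui.dll and d3dx9_26.dll included as assumed-legitimate controls; it pairs each DLL with its reversed-name companion and separately lists companions whose DLL is no longer present, which is what a directory listing looks like after a tool has already renamed the DLL (as VirtumundoBeGone did with byxwurr.dll above).

```python
"""Pair Vundo-style companion files by reversed base name.

Added example for this thread; it is not code from RVAXO, VirtumundoBeGone,
ComboFix or the helper. It only inspects a list of path strings, so it runs
anywhere; on a live system you would feed it a listing of system32.
"""

# Sample inventory constructed from paths that appear in this thread: the
# RVAXO "Files found" list, the BHO DLLs in the ComboFix log, the files
# ComboFix removed, and the helper's del.bat list. mucltui.dll and
# d3dx9_26.dll are included as legitimate controls.
SAMPLE_PATHS = [
    r"D:\WINDOWS\system32\acbeg.ini2",
    r"D:\WINDOWS\system32\fgjlm.ini2",
    r"D:\WINDOWS\system32\qqtss.ini2",
    r"D:\WINDOWS\system32\vycdd.ini2",
    r"D:\WINDOWS\system32\stutv.ini2",
    r"D:\WINDOWS\system32\rtstv.ini",
    r"D:\WINDOWS\system32\spkjbymr.ini",
    r"D:\WINDOWS\system32\gebca.dll",
    r"D:\WINDOWS\system32\mljgf.dll",
    r"D:\WINDOWS\system32\sstqq.dll",
    r"D:\WINDOWS\system32\ddcyv.dll",
    r"D:\WINDOWS\system32\vtstr.dll",
    r"D:\WINDOWS\system32\rmybjkps.dll",
    r"D:\WINDOWS\system32\mucltui.dll",
    r"D:\WINDOWS\system32\d3dx9_26.dll",
]

COMPANION_EXTS = {"ini", "ini2"}


def split_name(path):
    """Return (stem, extension) of a Windows path, lower-cased, without using the host OS path rules."""
    name = path.rsplit("\\", 1)[-1]
    stem, _, ext = name.rpartition(".")
    if not stem:            # no dot at all: the whole name is the stem
        stem, ext = name, ""
    return stem.lower(), ext.lower()


def reversed_name_pairs(paths):
    """(dll_path, companion_path) for every DLL whose reversed stem is an .ini/.ini2 file in the inventory."""
    by_stem = {}
    for p in paths:
        stem, ext = split_name(p)
        by_stem.setdefault(stem, []).append((ext, p))
    pairs = []
    for p in paths:
        stem, ext = split_name(p)
        if ext != "dll":
            continue
        for cext, cpath in by_stem.get(stem[::-1], []):
            if cext in COMPANION_EXTS:
                pairs.append((p, cpath))
    return pairs


def orphan_companions(paths):
    """.ini/.ini2 files whose reversed stem matches no DLL in the inventory.

    These still deserve a look: the DLL may already have been renamed or
    deleted while its data file stayed behind.
    """
    dll_stems = {split_name(p)[0] for p in paths if split_name(p)[1] == "dll"}
    return [p for p in paths
            if split_name(p)[1] in COMPANION_EXTS
            and split_name(p)[0][::-1] not in dll_stems]


if __name__ == "__main__":
    for dll, companion in reversed_name_pairs(SAMPLE_PATHS):
        print(f"{dll}  <->  {companion}")
    for p in orphan_companions(SAMPLE_PATHS):
        print(f"orphan companion: {p}")
```

Run against the sample it reports six DLL/companion pairs and one orphan (stutv.ini2); the two legitimate controls match nothing. The check is deliberately string-only so it can be run over a listing pasted from a log rather than on the infected machine itself.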
-
Deleting folders
C:\Qoobox not found
"D:\Program Files\FBrowsingAdvisor" deleted
"D:\Program Files\FBrowserAdvisor" deleted
"D:\Program Files\BrowsingTool" deleted
Deleting files
D:\WINDOWS\system32\hpmqjkcc.ini not deleted
D:\WINDOWS\system32\lklwcfuw.ini not deleted
D:\WINDOWS\system32\spkjbymr.ini not deleted
D:\WINDOWS\system32\macijdnc.ini not deleted
D:\WINDOWS\system32\swqehqqi.ini not deleted
D:\WINDOWS\system32\vycdd.ini not deleted
D:\WINDOWS\system32\yiloatbg.ini not deleted
D:\WINDOWS\system32\scnbslbp.ini not deleted
D:\WINDOWS\system32\qelrxusn.ini not deleted
D:\WINDOWS\system32\rdsbnwtt.ini not deleted
D:\WINDOWS\system32\yqwcqtuf.ini not deleted
D:\WINDOWS\system32\ptkujeuc.ini not deleted
D:\WINDOWS\system32\txigfyra.ini not deleted
D:\WINDOWS\system32\d3dx9_26.dll deleted
D:\WINDOWS\msdownld.tmp not deleted
D:\WINDOWS\system32\dyicctxk.ini not deleted
D:\WINDOWS\system32\10f7495f deleted
D:\WINDOWS\system32\kifdxeog.ini not deleted
D:\WINDOWS\system32\wqwmrtnd.ini not deleted
D:\WINDOWS\system32\lxyexsmd.tmp not deleted
D:\WINDOWS\system32\lxyexsmd.ini not deleted
D:\WINDOWS\system32\dqficdai.ini not deleted
D:\WINDOWS\system32\mpvipvjk.ini not deleted
-
Make a new one, I have adjusted it slightly.
Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.
@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting folders>>log.txt
FOR %%G in (
D:\WINDOWS\system32\hpmqjkcc.ini
D:\WINDOWS\system32\lklwcfuw.ini
D:\WINDOWS\system32\spkjbymr.ini
D:\WINDOWS\system32\macijdnc.ini
D:\WINDOWS\system32\swqehqqi.ini
D:\WINDOWS\system32\vycdd.ini
D:\WINDOWS\system32\yiloatbg.ini
D:\WINDOWS\system32\scnbslbp.ini
D:\WINDOWS\system32\qelrxusn.ini
D:\WINDOWS\system32\rdsbnwtt.ini
D:\WINDOWS\system32\yqwcqtuf.ini
D:\WINDOWS\system32\ptkujeuc.ini
D:\WINDOWS\system32\txigfyra.ini
D:\WINDOWS\msdownld.tmp
D:\WINDOWS\system32\dyicctxk.ini
D:\WINDOWS\system32\10f7495f
D:\WINDOWS\system32\kifdxeog.ini
D:\WINDOWS\system32\wqwmrtnd.ini
D:\WINDOWS\system32\lxyexsmd.tmp
D:\WINDOWS\system32\lxyexsmd.ini
D:\WINDOWS\system32\dqficdai.ini
D:\WINDOWS\system32\mpvipvjk.ini) DO (
IF EXIST %%G (
REM Clear the read-only, system and hidden attributes first; the previous run's DEL left these files in place
ATTRIB -r -s -h %%G
DEL /Q %%G
IF EXIST %%G (
ECHO %%G not deleted>>log.txt
) ELSE (
ECHO %%G deleted>>log.txt)
) ELSE (
ECHO %%G not found>>log.txt))
START NOTEPAD.EXE log.txt
Go to File - Save As.
Under "Save in" choose: Desktop
Under "File name" enter: del.bat
Under "Save as type" select: All Files (*.*).
Click the Save button.
Double-click del.bat and post the contents of the log file that opens.
-
Okay
Deleting folders
D:\WINDOWS\system32\hpmqjkcc.ini deleted
D:\WINDOWS\system32\lklwcfuw.ini deleted
D:\WINDOWS\system32\spkjbymr.ini deleted
D:\WINDOWS\system32\macijdnc.ini deleted
D:\WINDOWS\system32\swqehqqi.ini deleted
D:\WINDOWS\system32\vycdd.ini deleted
D:\WINDOWS\system32\yiloatbg.ini deleted
D:\WINDOWS\system32\scnbslbp.ini deleted
D:\WINDOWS\system32\qelrxusn.ini deleted
D:\WINDOWS\system32\rdsbnwtt.ini deleted
D:\WINDOWS\system32\yqwcqtuf.ini deleted
D:\WINDOWS\system32\ptkujeuc.ini deleted
D:\WINDOWS\system32\txigfyra.ini deleted
D:\WINDOWS\msdownld.tmp not deleted
D:\WINDOWS\system32\dyicctxk.ini deleted
D:\WINDOWS\system32\10f7495f not found
D:\WINDOWS\system32\kifdxeog.ini deleted
D:\WINDOWS\system32\wqwmrtnd.ini deleted
D:\WINDOWS\system32\lxyexsmd.tmp deleted
D:\WINDOWS\system32\lxyexsmd.ini deleted
D:\WINDOWS\system32\dqficdai.ini deleted
D:\WINDOWS\system32\mpvipvjk.ini deleted
-
Okay, HijackThis log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:18, on 8-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\program files\CyberLink\Shared Files\RichVideo.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ntvdm.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\VIA\RAID\raid_tool.exe
D:\program files\ASUS\PC Probe II\Probe2.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\program files\Messenger\msmsgs.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\program files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\program files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skoften.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - D:\Program Files\LimewirePlus\tbLim1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - D:\Program Files\LimewirePlus\tbLim1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "D:\program files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\program files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [10f75bd1] rundll32.exe "D:\WINDOWS\system32\rmybjkps.dll",b
O4 - HKLM\..\Run: [avp] D:\WINDOWS\system32\winver.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] D:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKLM\..\RunOnce: [Winnt32RunOnceWarning] user.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\program files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] D:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\program files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7998 bytes
-
Start HijackThis once more, choose "Do a system scan only" and put a check mark only in front of the following lines:
O4 - HKLM\..\Run: [10f75bd1] rundll32.exe "D:\WINDOWS\system32\rmybjkps.dll",b
O4 - HKLM\..\Run: [avp] D:\WINDOWS\system32\winver.exe
O4 - HKLM\..\RunOnce: [Winnt32RunOnceWarning] user.exe
Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.
Then make a new log with Combofix.
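The three O4 lines the helper picks out share traits that can be checked mechanically rather than by eye: a value name that is nothing but an 8-digit hex string, rundll32.exe loading a system32 DLL through a one-letter export, and a stock Windows binary (winver.exe, user.exe) registered as an autostart. The Python below is an added example, not HijackThis code or the helper's instructions; the O4 sample lines are copied from the log above, and the set of stock binaries with no startup role is an assumption built from this thread's findings, not a complete list. It flags exactly the entries the helper chose to fix and leaves the rest alone.

```python
"""Triage HijackThis O4 (autostart) lines with a few structural heuristics.

Added example for this thread, not part of HijackThis or of the helper's
instructions. The heuristics are assumptions distilled from the entries the
helper chose to fix; they are a first pass for review, not a verdict.
"""
import re

# Sample copied from the HijackThis log posted above (constructed subset).
SAMPLE_O4 = [
    r'O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE',
    r'O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe',
    r'O4 - HKLM\..\Run: [10f75bd1] rundll32.exe "D:\WINDOWS\system32\rmybjkps.dll",b',
    r'O4 - HKLM\..\Run: [avp] D:\WINDOWS\system32\winver.exe',
    r'O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] D:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f',
    r'O4 - HKLM\..\RunOnce: [Winnt32RunOnceWarning] user.exe',
    r'O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe',
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')",
]

O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run|RunOnce|RunServices): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S*)', re.I)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.I)

# Assumption built from this thread's findings: Windows-shipped utilities that
# have no business in Run/RunOnce (winver.exe only shows the "About Windows"
# dialog; user.exe is a 16-bit compatibility stub). Extend as needed.
STOCK_NO_AUTORUN = {"winver.exe", "user.exe"}


def parse_o4(line):
    """Return (hive, key, name, cmd) for a HijackThis O4 line, or None for anything else."""
    m = O4_RE.match(line.strip())
    return m and (m.group("hive"), m.group("key"), m.group("name"), m.group("cmd"))


def target_executable(cmd):
    """Base name of the first token of a command line (quoted or not), lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        first = cmd[1:end] if end > 0 else cmd[1:]
    else:
        first = cmd.split()[0] if cmd else ""
    return first.rsplit("\\", 1)[-1].lower()


def triage_o4(lines):
    """Return [(name, cmd, [reasons])] for every autostart entry that trips a heuristic."""
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if not parsed:
            continue
        _, _, name, cmd = parsed
        reasons = []
        if HEX_NAME_RE.match(name):
            reasons.append("value name is a bare 8-digit hex string")
        r = RUNDLL_RE.match(cmd.strip())
        if r and "\\system32\\" in r.group("dll").lower() and len(r.group("entry")) <= 1:
            reasons.append("rundll32 loads a system32 DLL through a one-letter export")
        exe = target_executable(cmd)
        if exe in STOCK_NO_AUTORUN:
            reasons.append(f"{exe} is a stock Windows binary with no startup role")
        if reasons:
            findings.append((name, cmd, reasons))
    return findings


if __name__ == "__main__":
    for name, cmd, reasons in triage_o4(SAMPLE_O4):
        print(f"[{name}] {cmd}")
        for reason in reasons:
            print(f"    - {reason}")
```

The hive is parsed as well so the same routine can be pointed at HKUS\S-1-5-xx entries; a hit there should raise the question of which account wrote it.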
-
okay.. ComboFix log made.
ComboFix 08-03-07.4 - Standaard 2008-03-08 18:42:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.397 [GMT 1:00]
Gestart vanuit: D:\Documents and Settings\Standaard\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\rtstv.ini
D:\WINDOWS\system32\rtstv.ini2
D:\WINDOWS\system32\vtstr.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))
.
2008-03-08 15:03 . 2008-03-08 12:43 728,462 --a------ D:\WINDOWS\system32\RVAXO.bat
2008-03-08 15:03 . 2001-10-01 14:51 69,632 --a------ D:\WINDOWS\system32\remove.exe
2008-03-08 15:03 . 2007-07-04 20:32 16,384 --a------ D:\WINDOWS\system32\Restart.exe
2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d-------- D:\program files\Trend Micro
2008-03-04 13:55 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-03-04 13:55 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-03-04 13:55 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 11:34 . 2008-03-02 11:43 <DIR> d--hsc--- D:\program files\Common Files\WindowsLiveInstaller
2008-03-02 11:33 . 2008-03-02 11:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-19 14:08 . 2008-02-19 14:11 <DIR> d-------- D:\WINDOWS\msdownld.tmp
2008-02-19 13:48 . 2008-02-19 13:48 <DIR> d-------- D:\program files\Common Files\PocketSoft
2008-02-15 18:19 . 2006-04-14 23:05 9,952 --a------ D:\regxpcom.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 17:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-03-08 15:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-03-08 14:15 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2008-03-04 12:53 --------- d-----w D:\Program Files\MSN Messenger
2008-03-02 10:43 --------- d-----w D:\Program Files\Windows Live
2008-02-29 14:00 --------- d-----w D:\Program Files\Norton Security Scan
2008-02-26 18:51 --------- d-----w D:\Documents and Settings\Standaard\Application Data\LimeWirePlus
2008-02-19 12:48 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-02-05 16:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-05 15:46 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-02-04 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-04 21:04 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 18:53 --------- d-----w D:\Program Files\Ahead
2008-02-03 18:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-31 16:42 --------- d-----w D:\Program Files\LimewirePlus
2008-01-31 16:36 --------- d-----w D:\Program Files\LimeWire Plus
2008-01-31 15:49 --------- d-----w D:\Program Files\Belastingdienst
2008-01-15 08:54 10,537 ----a-w D:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 15:22 --------- d-----w D:\Program Files\TomTom HOME 2
2008-01-13 15:22 --------- d-----w D:\Documents and Settings\Standaard\Application Data\TomTom
2008-01-13 15:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\TomTom
2008-01-13 15:21 --------- d-----w D:\Documents and Settings\Standaard\Application Data\InstallShield
2008-01-12 17:32 23,904 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 16:47 --------- d-----w D:\Documents and Settings\Standaard\Application Data\Ventrilo
2008-01-10 16:42 --------- d-----w D:\Documents and Settings\Standaard\Application Data\CyberLink
2008-01-10 16:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-10 16:39 --------- d-----w D:\Program Files\CyberLink
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19f60c14-0e5a-4074-9589-814d2b22f378}]
D:\WINDOWS\system32\ateiryhg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260CB3BF-8FBB-44F6-B241-CE259E91E906}]
D:\WINDOWS\system32\mljgf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{364CBAA5-17CF-4117-8E4A-7C36814581C6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
2008-01-31 17:42 1555480 --a------ D:\Program Files\LimewirePlus\tbLim1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5630279F-DA89-4065-B9CC-36053F427ECB}]
D:\WINDOWS\system32\gebca.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 16:59 116088 --a------ D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A96600FB-E9B0-486E-BC97-B0B9BCC0445E}]
D:\WINDOWS\system32\sstqq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA0FD7CE-4E77-4BD9-A788-A8D8769696E1}]
D:\WINDOWS\system32\ddcyv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]
"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "D:\Program Files\LimewirePlus\tbLim1.dll" [2008-01-31 17:42 1555480]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= D:\Program Files\LimewirePlus\tbLim1.dll [2008-01-31 17:42 1555480]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-04 15:25 68856]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="D:\program files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"AdobeUpdater"="D:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-02 13:00 208952]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 08:00 81920 D:\WINDOWS\SOUNDMAN.EXE]
"RaidTool"="D:\Program Files\VIA\RAID\raid_tool.exe" [2005-08-12 09:38 1056768]
"Launch PC Probe II"="D:\program files\ASUS\PC Probe II\Probe2.exe" [2005-07-22 15:05 1901568]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"osCheck"="D:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
"CanonSolutionMenu"="D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 17:01 644696]
"CanonMyPrinter"="D:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]
"SSBkgdUpdate"="D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
"LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"TomTomHOME.exe"="D:\program files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"NeroCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"10f75bd1"="D:\WINDOWS\system32\rmybjkps.dll" [ ]
"avp"="D:\WINDOWS\system32\winver.exe" [2006-03-02 13:00 5632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"="D:\WINDOWS\system32\reg.exe" [2006-03-02 13:00 56832]
"Winnt32RunOnceWarning"="user.exe" [2006-03-02 13:00 47872 D:\WINDOWS\system32\user.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\program files\\BitLord\\BitLord.exe"=
"C:\\World of Warcraft\\BackgroundDownloader.exe"=
"D:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\program files\\Messenger\\msmsgs.exe"=
"D:\\program files\\LimeWire Plus\\LimeWire.exe"=
"D:\\WINDOWS\\system32\\winver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\program files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\program files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 IJPLMSVC;PIXMA Extended Survey Program;D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 08:20]
R2 LiveUpdate Notice;LiveUpdate Notice;"D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R3 SymIMMP;SymIMMP;D:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 COH_Mon;COH_Mon;D:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;D:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-25 21:25:26 D:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Standaard.job"
- D:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-01 10:11:33 D:\WINDOWS\Tasks\Norton Security Scan.job"
- D:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 18:51:15
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\program files\CyberLink\Shared Files\RichVideo.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-08 18:53:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 17:53:42
ComboFix2.txt 2008-03-08 14:27:57
.
2008-02-13 22:24:07 --- E O F ---