Mededeling

Collapse
No announcement yet.

TratBHO (TRJ)

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    TratBHO (TRJ)

    Heb Trojaans Paard "TratBHO" gevonden op mn laptop.

    Hier mijn HJT-log:

    Logfile of HijackThis v1.99.1
    Scan saved at 0:22:32, on 17/04/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\efuvmvcf\yxoxmzad.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\kdojohqf.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Users\Wtr\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Users\Wtr\Desktop\HiJackThis_v2.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {29802B54-7128-479A-8959-22D4E6BF8555} - C:\Windows\system32\fccbYPjJ.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: sgoblxtm - {54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E} - C:\Windows\sgoblxtm.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccaYrRL.dll,#1
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [78e771ce] rundll32.exe "C:\Windows\system32\gwogcmvd.dll",b
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [gwinckdt] C:\Windows\system32\kdojohqf.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8E88D3-5E18-4A75-B981-216E3FF0BD7A}: Domain = ugent.be
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8E88D3-5E18-4A75-B981-216E3FF0BD7A}: NameServer = 157.193.40.42,157.193.71.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ugent.be
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ugent.be
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: ogxtsepr - {DDB2B0EB-0AAA-44F7-9517-B16013AB6F03} - C:\Windows\ogxtsepr.dll
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: wampapache - Unknown owner - C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    Labels: Geen
    • Citaat
  • #2
    Edit 1

    In andere thread met hetzelfde virus gelezen dat combifix moest uitgevoerd worden.
    Hier mijn combofix-log (in vier delen vanwege het bericht dat ik te veel afbeeldingen in mijn bericht heb):

    ComboFix 08-04-15.8 - Wtr 2008-04-17 0:31:18.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.912 [GMT 2:00]
    Gestart vanuit: C:\Users\Wtr\Desktop\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\Inet Delivery
    C:\Program Files\Inet Delivery\inetdl.exe
    C:\Program Files\Inet Delivery\intdel.exe
    C:\Users\Wtr\Desktopblackbird.jpg
    C:\Users\Wtr\DesktopEditorFKWP1.5.exe
    C:\Users\Wtr\DesktopEditorFKWP2.0.exe
    C:\Users\Wtr\Desktopfilemanagerclient.exe
    C:\Users\Wtr\Desktopfkwp1.5.exe
    C:\Users\Wtr\Desktopfkwp2.0.exe
    C:\Users\Wtr\Desktopfwebd.exe
    C:\Users\Wtr\DesktopFWebdEditor.exe
    C:\Users\Wtr\DesktopTrojan.Win32.BlackBird.exe
    C:\Users\Wtr\Desktopvirii
    C:\Windows\a.bat
    C:\Windows\base64.tmp
    C:\Windows\bdn.com
    C:\Windows\FVProtect.exe
    C:\Windows\iTunesMusic.exe
    C:\Windows\mslagent
    C:\Windows\mslagent\2_mslagent.dll
    C:\Windows\mslagent\mslagent.exe
    C:\Windows\mslagent\uninstall.exe
    C:\Windows\mssecu.exe
    C:\Windows\system32\ACER.exe
    C:\Windows\system32\anuknlrj.dll
    C:\Windows\system32\ddcArQGy.dll
    C:\Windows\System32\dvmcgowg.ini
    C:\Windows\system32\gwogcmvd.dll
    C:\Windows\System32\JjPYbccf.ini
    C:\Windows\System32\JjPYbccf.ini2
    C:\Windows\system32\mcrh.tmp
    C:\Windows\system32\rqrRLBsS.dll
    C:\Windows\System32\SsBLRrqr.ini
    C:\Windows\System32\SsBLRrqr.ini2
    C:\Windows\system32\x64
    C:\Windows\system32\x64\csnp2uvc.dll
    C:\Windows\system32\x64\rsnpvc64.dll
    C:\Windows\system32\x64\sncduvc.sys
    C:\Windows\system32\x64\snp2uvc.sys
    C:\Windows\system32\x64\vsnpvc64.dll
    C:\Windows\system32\xxyaabyy.dll
    C:\Windows\system32\xycohdna.dll
    C:\Windows\System32\yGQrAcdd.ini
    C:\Windows\System32\yGQrAcdd.ini2
    C:\Windows\System32\yybaayxx.ini
    C:\Windows\System32\yybaayxx.ini2
    C:\Windows\system32akttzn.exe
    C:\Windows\system32anticipator.dll
    C:\Windows\system32awtoolb.dll
    C:\Windows\system32bdn.com
    C:\Windows\system32bsva-egihsg52.exe
    C:\Windows\system32dpcproxy.exe
    C:\Windows\system32emesx.dll
    C:\Windows\[email protected]@@k.dll
    C:\Windows\system32hoproxy.dll
    C:\Windows\system32hxiwlgpm.dat
    C:\Windows\system32hxiwlgpm.exe
    C:\Windows\system32medup012.dll
    C:\Windows\system32medup020.dll
    C:\Windows\system32msgp.exe
    C:\Windows\system32msnbho.dll
    C:\Windows\system32mssecu.exe
    C:\Windows\system32msvchost.exe
    C:\Windows\system32mtr2.exe
    C:\Windows\system32mwin32.exe
    C:\Windows\system32netode.exe
    C:\Windows\system32newsd32.exe
    C:\Windows\system32ps1.exe
    C:\Windows\system32psof1.exe
    C:\Windows\system32psoft1.exe
    C:\Windows\system32regc64.dll
    C:\Windows\system32regm64.dll
    C:\Windows\system32Rundl1.exe
    C:\Windows\system32sncntr.exe
    C:\Windows\system32ssurf022.dll
    C:\Windows\system32ssvchost.com
    C:\Windows\system32ssvchost.exe
    C:\Windows\system32sysreq.exe
    C:\Windows\system32taack.dat
    C:\Windows\system32taack.exe
    C:\Windows\system32temp#01.exe
    C:\Windows\system32thun.dll
    C:\Windows\system32thun32.dll
    C:\Windows\system32VBIEWER.OCX
    C:\Windows\system32vbsys2.dll
    C:\Windows\system32vcatchpi.dll
    C:\Windows\system32winlogonpc.exe
    C:\Windows\system32winsystem.exe
    C:\Windows\system32WINWGPX.EXE
    C:\Windows\userconfig9x.dll
    C:\Windows\Web\def.htm
    C:\Windows\winsystem.exe
    C:\Windows\zip1.tmp
    C:\Windows\zip2.tmp
    C:\Windows\zip3.tmp
    C:\Windows\zipped.tmp

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))
    .

    2008-04-17 00:17 . 2008-04-17 00:25 <DIR> d-------- C:\HijackThis
    2008-04-16 23:23 . 2008-04-13 22:01 38,400 --a------ C:\Windows\System32\fccaYrRL.dll
    2008-04-16 19:28 . 2008-04-16 23:23 1,074 ---hs---- C:\Windows\System32\sbpgyktc.ini
    2008-04-16 15:17 . 2008-04-16 15:21 <DIR> d-------- C:\wamp
    2008-04-16 14:46 . 2008-01-10 07:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-04-16 13:55 . 2008-04-16 19:25 954 ---hs---- C:\Windows\System32\uhswixip.ini
    2008-04-14 22:03 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
    2008-04-14 22:03 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
    2008-04-14 22:03 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
    2008-04-14 22:03 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
    2008-04-14 22:03 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
    2008-04-14 22:02 . 2008-04-14 22:02 <DIR> d-------- C:\Program Files\Alwil Software
    2008-04-14 22:02 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
    2008-04-14 22:02 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
    2008-04-14 22:02 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-04-14 17:32 . 2008-04-16 13:31 714 ---hs---- C:\Windows\System32\twixvdtw.ini
    2008-04-14 16:18 . 2008-04-14 16:18 273,408 --------- C:\Windows\System32\fccbYPjJ.dll
    2008-04-13 22:14 . 2008-04-13 22:14 <DIR> d-------- C:\Users\All Users\Media Center Programs
    2008-04-13 22:14 . 2008-04-13 22:14 <DIR> d-------- C:\ProgramData\Media Center Programs
    2008-04-13 22:01 . 2008-04-13 22:01 <DIR> d-------- C:\Users\All Users\efuvmvcf
    2008-04-13 22:01 . 2008-04-13 22:01 <DIR> d-------- C:\ProgramData\efuvmvcf
    2008-04-13 22:01 . 2008-04-13 15:08 204,800 --a------ C:\Windows\sgoblxtm.dll
    2008-04-13 22:01 . 2008-04-13 15:08 200,704 --a------ C:\Windows\ogxtsepr.dll
    2008-04-13 22:01 . 2008-04-13 22:01 90,112 --a------ C:\Windows\System32\kdojohqf.exe
    2008-04-09 12:24 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe
    2008-04-09 12:24 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll
    2008-04-09 12:24 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll
    2008-04-09 12:24 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe
    2008-04-09 12:24 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll
    2008-04-09 12:24 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll
    2008-04-09 12:24 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
    2008-04-09 12:24 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
    2008-04-09 12:24 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-04-07 18:35 . 2008-04-07 18:35 <DIR> d-------- C:\Users\Wtr\AppData\Roaming\SmartFTP
    2008-04-07 18:35 . 2008-04-07 18:35 <DIR> d-------- C:\Program Files\SmartFTP Client
    2008-04-07 18:34 . 2008-04-07 18:34 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-04-05 20:31 . 2008-04-05 20:33 <DIR> d-------- C:\Program Files\Hacker Evolution
    2008-04-05 17:40 . 2008-04-05 17:41 384,624,438 --a------ C:\Windows\MEMORY.DMP
    2008-04-05 02:21 . 2008-04-05 02:21 268 --ah----- C:\sqmdata19.sqm
    2008-04-05 02:21 . 2008-04-05 02:21 244 --ah----- C:\sqmnoopt19.sqm
    2008-04-04 23:31 . 2008-04-04 23:31 41,296 --a------ C:\Windows\System32\xfcodec.dll
    2008-03-31 18:14 . 2008-03-31 18:14 0 --a------ C:\Windows\nsreg.dat
    2008-03-31 15:43 . 2008-03-31 16:20 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
    2008-03-31 15:43 . 2008-03-31 15:43 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
    2008-03-31 15:43 . 2008-03-31 16:20 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
    2008-03-27 16:49 . 2008-03-27 16:49 <DIR> d-------- C:\Users\Wtr\AppData\Roaming\teamspeak2
    2008-03-27 16:49 . 2008-03-27 16:49 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-27 16:49 . 2008-03-27 16:49 34,064 --a------ C:\Windows\System32\lhacm.acm
    2008-03-26 17:09 . 2008-03-26 17:09 <DIR> d-------- C:\Program Files\Tale of Tales
    2008-03-26 17:09 . 2007-07-27 18:57 57,449 --a------ C:\Windows\System32\The Endless Forest 3.scr
    2008-03-25 02:58 . 2008-03-25 02:58 268 --ah----- C:\sqmdata18.sqm
    2008-03-25 02:58 . 2008-03-25 02:58 244 --ah----- C:\sqmnoopt18.sqm
    2008-03-24 16:55 . 2008-03-24 16:55 268 --ah----- C:\sqmdata17.sqm
    2008-03-24 16:55 . 2008-03-24 16:55 244 --ah----- C:\sqmnoopt17.sqm
    2008-03-24 15:00 . 2008-03-24 15:00 268 --ah----- C:\sqmdata16.sqm
    2008-03-24 15:00 . 2008-03-24 15:00 244 --ah----- C:\sqmnoopt16.sqm
    2008-03-24 00:28 . 2008-03-24 00:28 268 --ah----- C:\sqmdata15.sqm
    2008-03-24 00:28 . 2008-03-24 00:28 244 --ah----- C:\sqmnoopt15.sqm
    2008-03-23 17:48 . 2008-03-23 17:48 268 --ah----- C:\sqmdata14.sqm
    2008-03-23 17:48 . 2008-03-23 17:48 244 --ah----- C:\sqmnoopt14.sqm
    2008-03-23 15:26 . 2008-03-23 15:26 268 --ah----- C:\sqmdata13.sqm
    2008-03-23 15:26 . 2008-03-23 15:26 244 --ah----- C:\sqmnoopt13.sqm
    2008-03-23 14:08 . 2008-03-23 14:08 <DIR> d-------- C:\Users\All Users\Macrovision
    2008-03-23 14:08 . 2008-03-23 14:08 <DIR> d-------- C:\ProgramData\Macrovision
    2008-03-23 14:05 . 2008-03-23 14:05 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
    2008-03-23 14:04 . 2008-03-23 14:04 <DIR> d-------- C:\Program Files\Common Files\Macromedia
    2008-03-23 14:04 . 2003-07-30 19:28 974,848 --a------ C:\Windows\System32\mfc70.dll
    2008-03-23 14:04 . 2003-07-30 19:28 487,424 --a------ C:\Windows\System32\msvcp70.dll
    2008-03-21 18:36 . 2008-03-21 18:36 268 --ah----- C:\sqmdata12.sqm
    2008-03-21 18:36 . 2008-03-21 18:36 244 --ah----- C:\sqmnoopt12.sqm
    2008-03-21 02:20 . 2008-03-21 02:20 268 --ah----- C:\sqmdata11.sqm
    2008-03-21 02:20 . 2008-03-21 02:20 244 --ah----- C:\sqmnoopt11.sqm

    .
    Last edited by Mitochondrion; 17-04-08, 01:16.
    • Citaat

    Comment

    • #3
      combofix-log 2

      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-16 21:20 174 --sha-w C:\Program Files\desktop.ini
      2008-04-16 21:15 --------- d-----w C:\Program Files\Windows Calendar
      2008-04-16 21:14 --------- d-----w C:\Program Files\Windows Mail
      2008-04-16 20:45 41,097 ----a-w C:\Users\Wtr\AppData\Roaming\nvModes.dat
      2008-04-14 15:13 --------- d-----w C:\ProgramData\Xfire
      2008-04-14 15:13 --------- d-----w C:\Program Files\Xfire
      2008-04-14 14:32 --------- d-----w C:\Users\Wtr\AppData\Roaming\Xfire
      2008-04-13 19:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-09 17:29 --------- d-----w C:\ProgramData\Microsoft Help
      2008-04-06 12:28 41,159 ----a-w C:\Users\Sanne\AppData\Roaming\nvModes.dat
      2008-04-05 18:27 --------- d-----w C:\Users\Wtr\AppData\Roaming\LimeWire
      2008-04-02 15:36 --------- d-----w C:\ProgramData\Symantec
      2008-03-23 12:15 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-03-13 23:28 --------- d-----w C:\Program Files\Common Files\xing shared
      2008-03-13 23:28 --------- d-----w C:\Program Files\Common Files\Real
      2008-03-12 18:47 --------- d-----w C:\Program Files\Java
      2008-03-10 20:46 --------- d-----w C:\Users\Wtr\AppData\Roaming\uTorrent
      2008-03-10 20:43 --------- d-----w C:\Program Files\LimeWire
      2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
      2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
      2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
      2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
      2008-03-02 20:55 --------- d-----w C:\Program Files\Image-Line
      2008-03-02 20:52 --------- d-----w C:\Program Files\Steinberg
      2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-02-28 18:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-02-25 21:14 --------- d-----w C:\Program Files\Real
      2008-02-23 23:37 --------- d-----w C:\ProgramData\Ubisoft
      2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
      2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
      2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-19 21:48 --------- d-----w C:\Users\Wtr\AppData\Roaming\IGN_DLM
      2008-02-19 21:48 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
      2008-02-19 21:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-19 21:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-19 21:11 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
      2008-02-19 21:11 558,080 ----a-w C:\Windows\System32\oleaut32.dll
      2008-02-19 21:11 260,096 ----a-w C:\Windows\System32\dpx.dll
      2008-02-19 21:11 224,824 ----a-w C:\Windows\System32\clfs.sys
      2008-02-19 21:11 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
      2008-02-19 21:11 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
      2008-02-19 21:11 101,888 ----a-w C:\Windows\System32\drvinst.exe
      2008-02-19 21:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-19 21:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-19 21:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-19 21:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-19 21:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-19 20:54 --------- d-----w C:\Program Files\Download Manager
      2008-02-19 13:33 --------- d-----w C:\Program Files\Norton Internet Security
      2008-02-01 02:21 245,408 ----a-w C:\Windows\System32\unicows.dll
      2008-01-29 04:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-01-29 04:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-01-29 04:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-01-29 04:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-01-29 04:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-01-29 00:30 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-01-29 00:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
      2008-01-18 20:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
      2008-01-18 20:04 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
      2008-01-18 20:04 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
      2008-01-17 22:56 378 ----a-w C:\MSN-REG.BAT
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29802B54-7128-479A-8959-22D4E6BF8555}]
      2008-04-14 16:18 273408 --------- C:\Windows\system32\fccbYPjJ.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E}"= "C:\Windows\sgoblxtm.dll" [2008-04-13 15:08 204800]

      [HKEY_CLASSES_ROOT\clsid\{54cf4ca2-c46c-4b5c-8dc5-0c0d42ecd69e}]
      [HKEY_CLASSES_ROOT\sgoblxtm.1]
      [HKEY_CLASSES_ROOT\TypeLib\{6D2ABF11-1C46-482A-9B98-1E7C6F823EA8}]
      [HKEY_CLASSES_ROOT\sgoblxtm]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:02 1232896]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
      "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
      "gwinckdt"="C:\Windows\system32\kdojohqf.exe" [2008-04-13 22:01 90112]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-27 23:39 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
      "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
      "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 00:08 107112]
      "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 22696]
      "Acer Tour"=""
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 14:53 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 14:53 8433664]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 14:53 81920]
      "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
      "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 11:21 772616]
      "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]
      "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
      "PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 13:35 94208]
      "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
      "eRecoveryService"=""
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-14 01:28 185896]
      "MSServer"="C:\Windows\system32\fccaYrRL.dll" [2008-04-13 22:01 38400]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

      C:\Users\Wtr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-23 14:15:52 113664]
      Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-28 00:08:44 535336]
      VPN Client.lnk - C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-02-12 22:48:58 6144]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
      "33HHwY6ce2"= C:\ProgramData\efuvmvcf\yxoxmzad.exe

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)
      • Citaat

      Comment

      • #4
        combofix 3 log

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{F553EEA1-3AEB-4AEE-9AF7-CB476B11DCED}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{51F089C7-C7C6-4685-A97A-B70308A94146}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{C67A14D1-73CC-40B6-B119-DB3E19BF938F}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
        "{42F4982D-D4B6-4A9E-9F51-D74DC9465B58}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
        "{0DC47E39-EB25-4BB2-B0F2-6A6DE5510BE0}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
        "{026C3BB4-0F17-4021-AD8D-51FFAFA2CE84}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exeV Wizard
        "{AD049E68-9439-4D6A-94E5-8ED506DC9371}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exeVDivine
        "{BD8A946E-0B8F-4C48-BB31-29B19CD61F6C}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
        "{D2AE4C0D-5800-4E05-A45C-99D07ADDA58E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
        "{089B26B9-E4A1-439C-A253-8590C34E138A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
        "{86B17887-4596-4784-94C6-0E84402211FC}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
        "{854ECA2C-831A-4A08-92AC-4CC81A97F4EA}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
        "{4682C8B5-FB88-4178-BD4C-94853C42A99F}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
        "{0F47A19E-6B56-4CDA-9BE2-1D1045CF12F6}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
        "{7F7FFDC5-E20E-4AB6-AFC5-DC75B8D350BF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
        "{708E6884-727F-4954-BB7C-40845C3F0222}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
        "{9D798033-B66F-44B3-9096-F0D224265BE9}"= UDP:\sega\SEGA Rally.exe:SEGA Rally
        "{23F63AE3-2FE0-4FEA-9EDC-F5DDC3C78C13}"= TCP:\sega\SEGA Rally.exe:SEGA Rally
        "{81EF03FF-48D8-4060-AE59-1322904EBE23}"= UDP:\sega\SEGA Rally_SSE1.exe:SEGA Rally
        "{822CFF95-9FE6-4BEF-A5ED-EEEF13AEA451}"= TCP:\sega\SEGA Rally_SSE1.exe:SEGA Rally
        "{9062480C-C706-4DD3-ACD7-3BC12A51033C}"= UDP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
        "{C88D134C-D018-484B-AE64-5A1AE8F8D610}"= TCP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
        "{D0D69D59-FC40-42D9-957B-2F857E6F3F1F}"= UDP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
        "{DE6871F0-0054-4CC6-B313-CED8DBE7F63B}"= TCP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
        "{834D823D-DD58-442E-B6DD-FFCDA27CD10D}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
        "{9C5C3F99-F3BD-46D8-8062-8C1CF76995DE}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
        "{6EAD5C60-28C8-4685-AC6B-900B85AA147F}"= UDP:\Sierra Entertainment\wic_online.exe:World in Conflict - Online Only
        "{6AD25D2B-F613-49A6-B6D1-10EF828C1E81}"= TCP:\Sierra Entertainment\wic_online.exe:World in Conflict - Online Only
        "{F041E999-E5E6-420E-9236-87B688F065C8}"= UDP:\Sierra Entertainment\wic_ds.exe:World in Conflict - Dedicated Server
        "{1446937D-8167-4505-BEBA-406D69BE0E05}"= TCP:\Sierra Entertainment\wic_ds.exe:World in Conflict - Dedicated Server

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
        "EnableFirewall"= 0 (0x0)
        "DoNotAllowExceptions"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
        "EnableFirewall"= 0 (0x0)
        • Citaat

        Comment

        • #5
          combofix 4 log

          R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
          R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
          R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
          R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
          R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080331.001\IDSvix86.sys [2008-02-13 18:18]
          R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
          R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
          R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
          R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
          R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
          R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
          R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
          R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 15:32]
          R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 02:46]
          R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
          R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]
          R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 03:05]
          R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
          S3 wampapache;wampapache;"C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice
          S3 wampmysqld;wampmysqld;C:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4c7d4c-b94a-11dc-aa81-806e6f6e6963}]
          \shell\AutoRun\command - E:\Autorun.exe

          *Newly Created Service* - COMHOST
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-04-11 18:01:38 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Wtr.job"
          - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
          .
          **************************************************************************

          catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-04-17 00:41:40
          Windows 6.0.6000 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Windows\System32\audiodg.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          C:\Windows\System32\PnkBstrA.exe
          C:\Program Files\CyberLink\Shared Files\RichVideo.exe
          C:\Windows\System32\drivers\XAudio.exe
          C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
          C:\Windows\System32\wbem\unsecapp.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Windows\System32\conime.exe
          C:\Windows\System32\rundll32.exe
          C:\Program Files\Launch Manager\LManager.exe
          C:\Windows\System32\wbem\unsecapp.exe
          C:\Windows\System32\rundll32.exe
          C:\Acer\Empowering Technology\eNet\eNMTray.exe
          C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
          C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
          C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
          C:\Windows\ehome\ehmsas.exe
          C:\Users\Wtr\AppData\Local\Temp\RtkBtMnt.exe
          C:\Program Files\Apoint2K\ApMsgFwd.exe
          C:\Program Files\Apoint2K\ApntEx.exe
          C:\Windows\System32\wbem\WMIADAP.exe
          C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
          C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-04-17 0:48:05 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-04-16 22:47:48

          Pre-Run: 26,086,273,024 bytes beschikbaar
          Post-Run: 25,778,708,480 bytes beschikbaar
          .
          2008-04-16 20:57:16 --- E O F ---
          • Citaat

          Comment

          • #6
            Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:
            • File::
              C:\Windows\System32\fccaYrRL.dll
              C:\Windows\System32\sbpgyktc.ini
              C:\Windows\System32\uhswixip.ini
              C:\Windows\System32\twixvdtw.ini
              C:\Windows\System32\fccbYPjJ.dll
              C:\Windows\sgoblxtm.dll
              C:\Windows\ogxtsepr.dll
              C:\Windows\System32\kdojohqf.exe

              Folder::
              C:\Users\All Users\efuvmvcf
              C:\ProgramData\efuvmvcf

              Registry::
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29802B54-7128-479A-8959-22D4E6BF8555}]
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              "{54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E}"=-
              [-HKEY_CLASSES_ROOT\clsid\{54cf4ca2-c46c-4b5c-8dc5-0c0d42ecd69e}]
              [-HKEY_CLASSES_ROOT\sgoblxtm.1]
              [-HKEY_CLASSES_ROOT\TypeLib\{6D2ABF11-1C46-482A-9B98-1E7C6F823EA8}]
              [-HKEY_CLASSES_ROOT\sgoblxtm]
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "gwinckdt"=-
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "MSServer"=-
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
              "33HHwY6ce2"=-
            Sla dit op op je Bureaublad als CFScript.txt.Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :Dit zal ComboFix doen herstarten.Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.
            • Citaat

            Comment

            Vorige template Volgende
            Sorry, you are not authorized to view this page
            Working...
            X