TratBHO (TRJ)
  • TratBHO (TRJ)

    Found the Trojan horse "TratBHO" on my laptop.

    Here is my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 0:22:32, on 17/04/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\efuvmvcf\yxoxmzad.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\kdojohqf.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Users\Wtr\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Users\Wtr\Desktop\HiJackThis_v2.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {29802B54-7128-479A-8959-22D4E6BF8555} - C:\Windows\system32\fccbYPjJ.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: sgoblxtm - {54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E} - C:\Windows\sgoblxtm.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccaYrRL.dll,#1
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [78e771ce] rundll32.exe "C:\Windows\system32\gwogcmvd.dll",b
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [gwinckdt] C:\Windows\system32\kdojohqf.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8E88D3-5E18-4A75-B981-216E3FF0BD7A}: Domain = ugent.be
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E8E88D3-5E18-4A75-B981-216E3FF0BD7A}: NameServer = 157.193.40.42,157.193.71.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ugent.be
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ugent.be
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: ogxtsepr - {DDB2B0EB-0AAA-44F7-9517-B16013AB6F03} - C:\Windows\ogxtsepr.dll
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: wampapache - Unknown owner - C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

  • #2
    Edit 1

    Read in another thread about the same virus that ComboFix had to be run.
    Here is my ComboFix log (in four parts, because of the message that I have too many images in my post):

    ComboFix 08-04-15.8 - Wtr 2008-04-17 0:31:18.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.912 [GMT 2:00]
    Gestart vanuit: C:\Users\Wtr\Desktop\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\Inet Delivery
    C:\Program Files\Inet Delivery\inetdl.exe
    C:\Program Files\Inet Delivery\intdel.exe
    C:\Users\Wtr\Desktopblackbird.jpg
    C:\Users\Wtr\DesktopEditorFKWP1.5.exe
    C:\Users\Wtr\DesktopEditorFKWP2.0.exe
    C:\Users\Wtr\Desktopfilemanagerclient.exe
    C:\Users\Wtr\Desktopfkwp1.5.exe
    C:\Users\Wtr\Desktopfkwp2.0.exe
    C:\Users\Wtr\Desktopfwebd.exe
    C:\Users\Wtr\DesktopFWebdEditor.exe
    C:\Users\Wtr\DesktopTrojan.Win32.BlackBird.exe
    C:\Users\Wtr\Desktopvirii
    C:\Windows\a.bat
    C:\Windows\base64.tmp
    C:\Windows\bdn.com
    C:\Windows\FVProtect.exe
    C:\Windows\iTunesMusic.exe
    C:\Windows\mslagent
    C:\Windows\mslagent\2_mslagent.dll
    C:\Windows\mslagent\mslagent.exe
    C:\Windows\mslagent\uninstall.exe
    C:\Windows\mssecu.exe
    C:\Windows\system32\ACER.exe
    C:\Windows\system32\anuknlrj.dll
    C:\Windows\system32\ddcArQGy.dll
    C:\Windows\System32\dvmcgowg.ini
    C:\Windows\system32\gwogcmvd.dll
    C:\Windows\System32\JjPYbccf.ini
    C:\Windows\System32\JjPYbccf.ini2
    C:\Windows\system32\mcrh.tmp
    C:\Windows\system32\rqrRLBsS.dll
    C:\Windows\System32\SsBLRrqr.ini
    C:\Windows\System32\SsBLRrqr.ini2
    C:\Windows\system32\x64
    C:\Windows\system32\x64\csnp2uvc.dll
    C:\Windows\system32\x64\rsnpvc64.dll
    C:\Windows\system32\x64\sncduvc.sys
    C:\Windows\system32\x64\snp2uvc.sys
    C:\Windows\system32\x64\vsnpvc64.dll
    C:\Windows\system32\xxyaabyy.dll
    C:\Windows\system32\xycohdna.dll
    C:\Windows\System32\yGQrAcdd.ini
    C:\Windows\System32\yGQrAcdd.ini2
    C:\Windows\System32\yybaayxx.ini
    C:\Windows\System32\yybaayxx.ini2
    C:\Windows\system32akttzn.exe
    C:\Windows\system32anticipator.dll
    C:\Windows\system32awtoolb.dll
    C:\Windows\system32bdn.com
    C:\Windows\system32bsva-egihsg52.exe
    C:\Windows\system32dpcproxy.exe
    C:\Windows\system32emesx.dll
    C:\Windows\[email protected]@@k.dll
    C:\Windows\system32hoproxy.dll
    C:\Windows\system32hxiwlgpm.dat
    C:\Windows\system32hxiwlgpm.exe
    C:\Windows\system32medup012.dll
    C:\Windows\system32medup020.dll
    C:\Windows\system32msgp.exe
    C:\Windows\system32msnbho.dll
    C:\Windows\system32mssecu.exe
    C:\Windows\system32msvchost.exe
    C:\Windows\system32mtr2.exe
    C:\Windows\system32mwin32.exe
    C:\Windows\system32netode.exe
    C:\Windows\system32newsd32.exe
    C:\Windows\system32ps1.exe
    C:\Windows\system32psof1.exe
    C:\Windows\system32psoft1.exe
    C:\Windows\system32regc64.dll
    C:\Windows\system32regm64.dll
    C:\Windows\system32Rundl1.exe
    C:\Windows\system32sncntr.exe
    C:\Windows\system32ssurf022.dll
    C:\Windows\system32ssvchost.com
    C:\Windows\system32ssvchost.exe
    C:\Windows\system32sysreq.exe
    C:\Windows\system32taack.dat
    C:\Windows\system32taack.exe
    C:\Windows\system32temp#01.exe
    C:\Windows\system32thun.dll
    C:\Windows\system32thun32.dll
    C:\Windows\system32VBIEWER.OCX
    C:\Windows\system32vbsys2.dll
    C:\Windows\system32vcatchpi.dll
    C:\Windows\system32winlogonpc.exe
    C:\Windows\system32winsystem.exe
    C:\Windows\system32WINWGPX.EXE
    C:\Windows\userconfig9x.dll
    C:\Windows\Web\def.htm
    C:\Windows\winsystem.exe
    C:\Windows\zip1.tmp
    C:\Windows\zip2.tmp
    C:\Windows\zip3.tmp
    C:\Windows\zipped.tmp

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))
    .

    2008-04-17 00:17 . 2008-04-17 00:25 <DIR> d-------- C:\HijackThis
    2008-04-16 23:23 . 2008-04-13 22:01 38,400 --a------ C:\Windows\System32\fccaYrRL.dll
    2008-04-16 19:28 . 2008-04-16 23:23 1,074 ---hs---- C:\Windows\System32\sbpgyktc.ini
    2008-04-16 15:17 . 2008-04-16 15:21 <DIR> d-------- C:\wamp
    2008-04-16 14:46 . 2008-01-10 07:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-04-16 13:55 . 2008-04-16 19:25 954 ---hs---- C:\Windows\System32\uhswixip.ini
    2008-04-14 22:03 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
    2008-04-14 22:03 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
    2008-04-14 22:03 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
    2008-04-14 22:03 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
    2008-04-14 22:03 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
    2008-04-14 22:02 . 2008-04-14 22:02 <DIR> d-------- C:\Program Files\Alwil Software
    2008-04-14 22:02 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
    2008-04-14 22:02 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
    2008-04-14 22:02 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-04-14 17:32 . 2008-04-16 13:31 714 ---hs---- C:\Windows\System32\twixvdtw.ini
    2008-04-14 16:18 . 2008-04-14 16:18 273,408 --------- C:\Windows\System32\fccbYPjJ.dll
    2008-04-13 22:14 . 2008-04-13 22:14 <DIR> d-------- C:\Users\All Users\Media Center Programs
    2008-04-13 22:14 . 2008-04-13 22:14 <DIR> d-------- C:\ProgramData\Media Center Programs
    2008-04-13 22:01 . 2008-04-13 22:01 <DIR> d-------- C:\Users\All Users\efuvmvcf
    2008-04-13 22:01 . 2008-04-13 22:01 <DIR> d-------- C:\ProgramData\efuvmvcf
    2008-04-13 22:01 . 2008-04-13 15:08 204,800 --a------ C:\Windows\sgoblxtm.dll
    2008-04-13 22:01 . 2008-04-13 15:08 200,704 --a------ C:\Windows\ogxtsepr.dll
    2008-04-13 22:01 . 2008-04-13 22:01 90,112 --a------ C:\Windows\System32\kdojohqf.exe
    2008-04-09 12:24 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe
    2008-04-09 12:24 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll
    2008-04-09 12:24 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll
    2008-04-09 12:24 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe
    2008-04-09 12:24 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll
    2008-04-09 12:24 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll
    2008-04-09 12:24 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
    2008-04-09 12:24 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
    2008-04-09 12:24 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-04-07 18:35 . 2008-04-07 18:35 <DIR> d-------- C:\Users\Wtr\AppData\Roaming\SmartFTP
    2008-04-07 18:35 . 2008-04-07 18:35 <DIR> d-------- C:\Program Files\SmartFTP Client
    2008-04-07 18:34 . 2008-04-07 18:34 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-04-05 20:31 . 2008-04-05 20:33 <DIR> d-------- C:\Program Files\Hacker Evolution
    2008-04-05 17:40 . 2008-04-05 17:41 384,624,438 --a------ C:\Windows\MEMORY.DMP
    2008-04-05 02:21 . 2008-04-05 02:21 268 --ah----- C:\sqmdata19.sqm
    2008-04-05 02:21 . 2008-04-05 02:21 244 --ah----- C:\sqmnoopt19.sqm
    2008-04-04 23:31 . 2008-04-04 23:31 41,296 --a------ C:\Windows\System32\xfcodec.dll
    2008-03-31 18:14 . 2008-03-31 18:14 0 --a------ C:\Windows\nsreg.dat
    2008-03-31 15:43 . 2008-03-31 16:20 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
    2008-03-31 15:43 . 2008-03-31 15:43 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
    2008-03-31 15:43 . 2008-03-31 16:20 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
    2008-03-27 16:49 . 2008-03-27 16:49 <DIR> d-------- C:\Users\Wtr\AppData\Roaming\teamspeak2
    2008-03-27 16:49 . 2008-03-27 16:49 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-27 16:49 . 2008-03-27 16:49 34,064 --a------ C:\Windows\System32\lhacm.acm
    2008-03-26 17:09 . 2008-03-26 17:09 <DIR> d-------- C:\Program Files\Tale of Tales
    2008-03-26 17:09 . 2007-07-27 18:57 57,449 --a------ C:\Windows\System32\The Endless Forest 3.scr
    2008-03-25 02:58 . 2008-03-25 02:58 268 --ah----- C:\sqmdata18.sqm
    2008-03-25 02:58 . 2008-03-25 02:58 244 --ah----- C:\sqmnoopt18.sqm
    2008-03-24 16:55 . 2008-03-24 16:55 268 --ah----- C:\sqmdata17.sqm
    2008-03-24 16:55 . 2008-03-24 16:55 244 --ah----- C:\sqmnoopt17.sqm
    2008-03-24 15:00 . 2008-03-24 15:00 268 --ah----- C:\sqmdata16.sqm
    2008-03-24 15:00 . 2008-03-24 15:00 244 --ah----- C:\sqmnoopt16.sqm
    2008-03-24 00:28 . 2008-03-24 00:28 268 --ah----- C:\sqmdata15.sqm
    2008-03-24 00:28 . 2008-03-24 00:28 244 --ah----- C:\sqmnoopt15.sqm
    2008-03-23 17:48 . 2008-03-23 17:48 268 --ah----- C:\sqmdata14.sqm
    2008-03-23 17:48 . 2008-03-23 17:48 244 --ah----- C:\sqmnoopt14.sqm
    2008-03-23 15:26 . 2008-03-23 15:26 268 --ah----- C:\sqmdata13.sqm
    2008-03-23 15:26 . 2008-03-23 15:26 244 --ah----- C:\sqmnoopt13.sqm
    2008-03-23 14:08 . 2008-03-23 14:08 <DIR> d-------- C:\Users\All Users\Macrovision
    2008-03-23 14:08 . 2008-03-23 14:08 <DIR> d-------- C:\ProgramData\Macrovision
    2008-03-23 14:05 . 2008-03-23 14:05 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
    2008-03-23 14:04 . 2008-03-23 14:04 <DIR> d-------- C:\Program Files\Common Files\Macromedia
    2008-03-23 14:04 . 2003-07-30 19:28 974,848 --a------ C:\Windows\System32\mfc70.dll
    2008-03-23 14:04 . 2003-07-30 19:28 487,424 --a------ C:\Windows\System32\msvcp70.dll
    2008-03-21 18:36 . 2008-03-21 18:36 268 --ah----- C:\sqmdata12.sqm
    2008-03-21 18:36 . 2008-03-21 18:36 244 --ah----- C:\sqmnoopt12.sqm
    2008-03-21 02:20 . 2008-03-21 02:20 268 --ah----- C:\sqmdata11.sqm
    2008-03-21 02:20 . 2008-03-21 02:20 244 --ah----- C:\sqmnoopt11.sqm

    .
    Last edited by Mitochondrion; 17-04-08, 01:16.

    • #3
      ComboFix log 2

      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-16 21:20 174 --sha-w C:\Program Files\desktop.ini
      2008-04-16 21:15 --------- d-----w C:\Program Files\Windows Calendar
      2008-04-16 21:14 --------- d-----w C:\Program Files\Windows Mail
      2008-04-16 20:45 41,097 ----a-w C:\Users\Wtr\AppData\Roaming\nvModes.dat
      2008-04-14 15:13 --------- d-----w C:\ProgramData\Xfire
      2008-04-14 15:13 --------- d-----w C:\Program Files\Xfire
      2008-04-14 14:32 --------- d-----w C:\Users\Wtr\AppData\Roaming\Xfire
      2008-04-13 19:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-09 17:29 --------- d-----w C:\ProgramData\Microsoft Help
      2008-04-06 12:28 41,159 ----a-w C:\Users\Sanne\AppData\Roaming\nvModes.dat
      2008-04-05 18:27 --------- d-----w C:\Users\Wtr\AppData\Roaming\LimeWire
      2008-04-02 15:36 --------- d-----w C:\ProgramData\Symantec
      2008-03-23 12:15 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-03-13 23:28 --------- d-----w C:\Program Files\Common Files\xing shared
      2008-03-13 23:28 --------- d-----w C:\Program Files\Common Files\Real
      2008-03-12 18:47 --------- d-----w C:\Program Files\Java
      2008-03-10 20:46 --------- d-----w C:\Users\Wtr\AppData\Roaming\uTorrent
      2008-03-10 20:43 --------- d-----w C:\Program Files\LimeWire
      2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
      2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
      2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
      2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
      2008-03-02 20:55 --------- d-----w C:\Program Files\Image-Line
      2008-03-02 20:52 --------- d-----w C:\Program Files\Steinberg
      2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-02-28 18:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-02-25 21:14 --------- d-----w C:\Program Files\Real
      2008-02-23 23:37 --------- d-----w C:\ProgramData\Ubisoft
      2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
      2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
      2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-19 21:48 --------- d-----w C:\Users\Wtr\AppData\Roaming\IGN_DLM
      2008-02-19 21:48 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
      2008-02-19 21:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-19 21:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-19 21:11 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
      2008-02-19 21:11 558,080 ----a-w C:\Windows\System32\oleaut32.dll
      2008-02-19 21:11 260,096 ----a-w C:\Windows\System32\dpx.dll
      2008-02-19 21:11 224,824 ----a-w C:\Windows\System32\clfs.sys
      2008-02-19 21:11 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
      2008-02-19 21:11 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
      2008-02-19 21:11 101,888 ----a-w C:\Windows\System32\drvinst.exe
      2008-02-19 21:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-19 21:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-19 21:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-19 21:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-19 21:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-19 20:54 --------- d-----w C:\Program Files\Download Manager
      2008-02-19 13:33 --------- d-----w C:\Program Files\Norton Internet Security
      2008-02-01 02:21 245,408 ----a-w C:\Windows\System32\unicows.dll
      2008-01-29 04:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-01-29 04:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-01-29 04:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-01-29 04:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-01-29 04:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-01-29 00:30 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-01-29 00:15 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
      2008-01-18 20:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
      2008-01-18 20:04 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
      2008-01-18 20:04 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
      2008-01-17 22:56 378 ----a-w C:\MSN-REG.BAT
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29802B54-7128-479A-8959-22D4E6BF8555}]
      2008-04-14 16:18 273408 --------- C:\Windows\system32\fccbYPjJ.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E}"= "C:\Windows\sgoblxtm.dll" [2008-04-13 15:08 204800]

      [HKEY_CLASSES_ROOT\clsid\{54cf4ca2-c46c-4b5c-8dc5-0c0d42ecd69e}]
      [HKEY_CLASSES_ROOT\sgoblxtm.1]
      [HKEY_CLASSES_ROOT\TypeLib\{6D2ABF11-1C46-482A-9B98-1E7C6F823EA8}]
      [HKEY_CLASSES_ROOT\sgoblxtm]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:02 1232896]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
      "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
      "gwinckdt"="C:\Windows\system32\kdojohqf.exe" [2008-04-13 22:01 90112]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-27 23:39 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
      "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
      "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 00:08 107112]
      "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 22696]
      "Acer Tour"=""
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 14:53 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 14:53 8433664]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 14:53 81920]
      "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
      "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 11:21 772616]
      "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]
      "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
      "PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 13:35 94208]
      "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
      "eRecoveryService"=""
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-14 01:28 185896]
      "MSServer"="C:\Windows\system32\fccaYrRL.dll" [2008-04-13 22:01 38400]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

      C:\Users\Wtr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-23 14:15:52 113664]
      Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-28 00:08:44 535336]
      VPN Client.lnk - C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-02-12 22:48:58 6144]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
      "33HHwY6ce2"= C:\ProgramData\efuvmvcf\yxoxmzad.exe

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)

      • #4
        combofix 3 log

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{F553EEA1-3AEB-4AEE-9AF7-CB476B11DCED}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{51F089C7-C7C6-4685-A97A-B70308A94146}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{C67A14D1-73CC-40B6-B119-DB3E19BF938F}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
        "{42F4982D-D4B6-4A9E-9F51-D74DC9465B58}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
        "{0DC47E39-EB25-4BB2-B0F2-6A6DE5510BE0}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
        "{026C3BB4-0F17-4021-AD8D-51FFAFA2CE84}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
        "{AD049E68-9439-4D6A-94E5-8ED506DC9371}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
        "{BD8A946E-0B8F-4C48-BB31-29B19CD61F6C}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
        "{D2AE4C0D-5800-4E05-A45C-99D07ADDA58E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
        "{089B26B9-E4A1-439C-A253-8590C34E138A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
        "{86B17887-4596-4784-94C6-0E84402211FC}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
        "{854ECA2C-831A-4A08-92AC-4CC81A97F4EA}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
        "{4682C8B5-FB88-4178-BD4C-94853C42A99F}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
        "{0F47A19E-6B56-4CDA-9BE2-1D1045CF12F6}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
        "{7F7FFDC5-E20E-4AB6-AFC5-DC75B8D350BF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
        "{708E6884-727F-4954-BB7C-40845C3F0222}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
        "{9D798033-B66F-44B3-9096-F0D224265BE9}"= UDP:\sega\SEGA Rally.exe:SEGA Rally
        "{23F63AE3-2FE0-4FEA-9EDC-F5DDC3C78C13}"= TCP:\sega\SEGA Rally.exe:SEGA Rally
        "{81EF03FF-48D8-4060-AE59-1322904EBE23}"= UDP:\sega\SEGA Rally_SSE1.exe:SEGA Rally
        "{822CFF95-9FE6-4BEF-A5ED-EEEF13AEA451}"= TCP:\sega\SEGA Rally_SSE1.exe:SEGA Rally
        "{9062480C-C706-4DD3-ACD7-3BC12A51033C}"= UDP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
        "{C88D134C-D018-484B-AE64-5A1AE8F8D610}"= TCP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
        "{D0D69D59-FC40-42D9-957B-2F857E6F3F1F}"= UDP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
        "{DE6871F0-0054-4CC6-B313-CED8DBE7F63B}"= TCP:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
        "{834D823D-DD58-442E-B6DD-FFCDA27CD10D}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
        "{9C5C3F99-F3BD-46D8-8062-8C1CF76995DE}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
        "{6EAD5C60-28C8-4685-AC6B-900B85AA147F}"= UDP:\Sierra Entertainment\wic_online.exe:World in Conflict - Online Only
        "{6AD25D2B-F613-49A6-B6D1-10EF828C1E81}"= TCP:\Sierra Entertainment\wic_online.exe:World in Conflict - Online Only
        "{F041E999-E5E6-420E-9236-87B688F065C8}"= UDP:\Sierra Entertainment\wic_ds.exe:World in Conflict - Dedicated Server
        "{1446937D-8167-4505-BEBA-406D69BE0E05}"= TCP:\Sierra Entertainment\wic_ds.exe:World in Conflict - Dedicated Server

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
        "EnableFirewall"= 0 (0x0)
        "DoNotAllowExceptions"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
        "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
        "EnableFirewall"= 0 (0x0)

        • #5
          combofix 4 log

          R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
          R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
          R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
          R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
          R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080331.001\IDSvix86.sys [2008-02-13 18:18]
          R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
          R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
          R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
          R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
          R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
          R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
          R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
          R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 15:32]
          R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 02:46]
          R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
          R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]
          R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 03:05]
          R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
          S3 wampapache;wampapache;"C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice
          S3 wampmysqld;wampmysqld;C:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4c7d4c-b94a-11dc-aa81-806e6f6e6963}]
          \shell\AutoRun\command - E:\Autorun.exe

          *Newly Created Service* - COMHOST
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-04-11 18:01:38 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Wtr.job"
          - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
          .
          **************************************************************************

          catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-04-17 00:41:40
          Windows 6.0.6000 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Windows\System32\audiodg.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          C:\Windows\System32\PnkBstrA.exe
          C:\Program Files\CyberLink\Shared Files\RichVideo.exe
          C:\Windows\System32\drivers\XAudio.exe
          C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
          C:\Windows\System32\wbem\unsecapp.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Windows\System32\conime.exe
          C:\Windows\System32\rundll32.exe
          C:\Program Files\Launch Manager\LManager.exe
          C:\Windows\System32\wbem\unsecapp.exe
          C:\Windows\System32\rundll32.exe
          C:\Acer\Empowering Technology\eNet\eNMTray.exe
          C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
          C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
          C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
          C:\Windows\ehome\ehmsas.exe
          C:\Users\Wtr\AppData\Local\Temp\RtkBtMnt.exe
          C:\Program Files\Apoint2K\ApMsgFwd.exe
          C:\Program Files\Apoint2K\ApntEx.exe
          C:\Windows\System32\wbem\WMIADAP.exe
          C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
          C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-04-17 0:48:05 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-04-16 22:47:48

          Pre-Run: 26,086,273,024 bytes beschikbaar
          Post-Run: 25,778,708,480 bytes beschikbaar
          .
          2008-04-16 20:57:16 --- E O F ---

          • #6
            Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:
            • File::
              C:\Windows\System32\fccaYrRL.dll
              C:\Windows\System32\sbpgyktc.ini
              C:\Windows\System32\uhswixip.ini
              C:\Windows\System32\twixvdtw.ini
              C:\Windows\System32\fccbYPjJ.dll
              C:\Windows\sgoblxtm.dll
              C:\Windows\ogxtsepr.dll
              C:\Windows\System32\kdojohqf.exe

              Folder::
              C:\Users\All Users\efuvmvcf
              C:\ProgramData\efuvmvcf

              Registry::
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29802B54-7128-479A-8959-22D4E6BF8555}]
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              "{54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E}"=-
              [-HKEY_CLASSES_ROOT\clsid\{54cf4ca2-c46c-4b5c-8dc5-0c0d42ecd69e}]
              [-HKEY_CLASSES_ROOT\sgoblxtm.1]
              [-HKEY_CLASSES_ROOT\TypeLib\{6D2ABF11-1C46-482A-9B98-1E7C6F823EA8}]
              [-HKEY_CLASSES_ROOT\sgoblxtm]
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "gwinckdt"=-
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "MSServer"=-
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
              "33HHwY6ce2"=-
            Save this to your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below. This will make ComboFix restart. After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.
