Spyware and slow PC

  • #1

    Constantly getting warnings about spyware and Trojan horses.
    Maybe also a virus, I don't know.
    Below is the HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:15:36, on 17-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Documents and Settings\All Users\Application Data\kpsnarwh\uvujgbah.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nuria\Nuria.exe
    C:\WINDOWS\system32\ufmzezed.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Downloads\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {D489E084-59AC-490B-9BBA-33899A5A453B} - C:\WINDOWS\system32\awtttstr.dll (file missing)
    O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - C:\WINDOWS\system32\ljJCvvTK.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKCU\..\Run: [epvqnfmi] C:\WINDOWS\system32\ufmzezed.exe
    O4 - HKLM\..\Policies\Explorer\Run: [AjSu0L2jXz] C:\Documents and Settings\All Users\Application Data\kpsnarwh\uvujgbah.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: ljJCvvTK - ljJCvvTK.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 12189 bytes

  • #2
    After this I ran ComboFix, and the log file is as follows:

    ComboFix 08-04-15.8 - Sijbren Keimpe 2008-04-17 1:29:38.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.487 [GMT 2:00]
    Running from: C:\Documents and Settings\Sijbren Keimpe\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Sijbren Keimpe\Desktop\blackbird.jpg
    C:\Documents and Settings\Sijbren Keimpe\Desktop\EditorFKWP1.5.exe
    C:\Documents and Settings\Sijbren Keimpe\Desktop\EditorFKWP2.0.exe
    C:\Documents and Settings\Sijbren Keimpe\Desktop\filemanagerclient.exe
    C:\Documents and Settings\Sijbren Keimpe\Desktop\fkwp1.5.exe
    C:\Documents and Settings\Sijbren Keimpe\Desktop\fkwp2.0.exe
    C:\Documents and Settings\Sijbren Keimpe\Desktop\fwebd.exe
    C:\Documents and Settings\Sijbren Keimpe\Desktop\FWebdEditor.exe
    C:\Program Files\PC-Cleaner
    C:\WINDOWS\a.bat
    C:\WINDOWS\bdn.com
    C:\WINDOWS\iTunesMusic.exe
    C:\WINDOWS\mslagent
    C:\WINDOWS\mssecu.exe
    C:\WINDOWS\system32\awtttstr.dll
    C:\WINDOWS\system32\ljJCvvTK.dll
    C:\WINDOWS\system32\rtstttwa.ini
    C:\WINDOWS\system32\rtstttwa.ini2
    C:\WINDOWS\system32\akttzn.exe
    C:\WINDOWS\system32\anticipator.dll
    C:\WINDOWS\system32\awtoolb.dll
    C:\WINDOWS\system32\bdn.com
    C:\WINDOWS\system32\bsva-egihsg52.exe
    C:\WINDOWS\system32\dpcproxy.exe
    C:\WINDOWS\system32\emesx.dll
    C:\WINDOWS\[email protected]@@k.dll
    C:\WINDOWS\system32\hoproxy.dll
    C:\WINDOWS\system32\hxiwlgpm.dat
    C:\WINDOWS\system32\hxiwlgpm.exe
    C:\WINDOWS\system32\medup012.dll
    C:\WINDOWS\system32\medup020.dll
    C:\WINDOWS\system32\msgp.exe
    C:\WINDOWS\system32\msnbho.dll
    C:\WINDOWS\system32\mssecu.exe
    C:\WINDOWS\system32\msvchost.exe
    C:\WINDOWS\system32\mtr2.exe
    C:\WINDOWS\system32\mwin32.exe
    C:\WINDOWS\system32\netode.exe
    C:\WINDOWS\system32\newsd32.exe
    C:\WINDOWS\system32\ps1.exe
    C:\WINDOWS\system32\psof1.exe
    C:\WINDOWS\system32\psoft1.exe
    C:\WINDOWS\system32\regc64.dll
    C:\WINDOWS\system32\regm64.dll
    C:\WINDOWS\system32\Rundl1.exe
    C:\WINDOWS\system32\smp
    C:\WINDOWS\system32\smp\msrc.exe
    C:\WINDOWS\system32\sncntr.exe
    C:\WINDOWS\system32\ssurf022.dll
    C:\WINDOWS\system32\ssvchost.com
    C:\WINDOWS\system32\ssvchost.exe
    C:\WINDOWS\system32\sysreq.exe
    C:\WINDOWS\system32\taack.dat
    C:\WINDOWS\system32\taack.exe
    C:\WINDOWS\system32\temp#01.exe
    C:\WINDOWS\system32\thun.dll
    C:\WINDOWS\system32\thun32.dll
    C:\WINDOWS\system32\VBIEWER.OCX
    C:\WINDOWS\system32\vbsys2.dll
    C:\WINDOWS\system32\vcatchpi.dll
    C:\WINDOWS\system32\winlogonpc.exe
    C:\WINDOWS\system32\winsystem.exe
    C:\WINDOWS\system32\WINWGPX.EXE
    C:\WINDOWS\Web\def.htm

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
    .

    2008-04-17 01:13 . 2008-04-17 01:13 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-16 21:20 . 2008-04-16 21:20 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-04-16 21:20 . 2008-04-16 21:20 <DIR> d-------- C:\Documents and Settings\Sijbren Keimpe\Application Data\PC Tools
    2008-04-16 21:20 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-04-16 21:20 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-04-16 21:20 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-04-16 21:20 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-04-16 21:12 . 2008-04-16 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-16 21:11 . 2008-04-16 21:12 <DIR> d-------- C:\Program Files\Google
    2008-04-16 21:10 . 2008-04-16 21:10 873,912 --a------ C:\Google Updater.exe
    2008-04-16 21:09 . 2008-04-16 21:09 <DIR> d-------- C:\Documents and Settings\Sijbren Keimpe\Application Data\PC-Cleaner
    2008-04-16 18:02 . 2008-04-16 18:02 <DIR> d-------- C:\Documents and Settings\Sijbren Keimpe\Application Data\Grisoft
    2008-04-16 18:01 . 2008-04-16 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-16 18:01 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-04-16 17:36 . 2008-04-16 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\kpsnarwh
    2008-04-16 17:36 . 2008-04-16 17:36 106,496 --a------ C:\WINDOWS\system32\ufmzezed.exe
    2008-04-16 17:36 . 2008-04-16 17:00 106,496 --a------ C:\WINDOWS\npqtsrak.exe
    2008-04-16 17:36 . 2008-04-16 17:00 81,920 --a------ C:\WINDOWS\rtqmekwg.exe
    2008-04-16 13:06 . 2008-04-16 13:27 28,160 --a------ C:\Opdracht Foucault.doc
    2008-04-06 16:18 . 2008-04-06 16:18 <DIR> d-------- C:\Downloads
    2008-04-02 17:17 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-02 17:17 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-03-31 15:03 . 2008-03-31 15:03 1,491,592 --a------ C:\install_flash_player.exe
    2008-03-25 20:03 . 2008-03-25 20:03 16,849 --a------ C:\Top_40_singles__Uk_23.03.2008_DHZ.Inc_Release.4095627.TPB.torrent
    2008-03-25 19:56 . 2008-03-25 19:55 8,705,840 --a------ C:\winamp552_full_emusic-7plus_en-us.exe
    2008-03-21 17:21 . 2008-03-21 17:21 6,537,768 --a------ C:\Thunderbird Setup 2.0.0.12.exe
    2008-03-21 17:18 . 2008-03-21 17:18 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
    2008-03-21 17:16 . 2008-03-21 17:17 7,153,624 --a------ C:\Firefox Setup 3.0 Beta 4.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-06 14:18 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
    2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-13 11:18 --------- d-----w C:\Program Files\Common Files\PC Tools
    2008-03-13 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-01 16:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-28 15:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-26 18:07 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-26 18:07 --------- d-----w C:\Program Files\Windows Live
    2008-02-26 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-18 23:31 6,029,648 ----a-w C:\Firefox_Setup_2.0.0.12.exe
    2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-02-14 16:12 4,129,768 ----a-w C:\DCPlusPlus-0.699.exe
    2008-02-03 23:49 810,286 ----a-w C:\KB905474_noWGA_patcher.zip
    2005-09-23 18:20 266 --sh--w C:\Program Files\desktop.ini
    2005-09-23 18:20 11,209 ---h--w C:\Program Files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 15:53 307200]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24 1617920]
    "epvqnfmi"="C:\WINDOWS\system32\ufmzezed.exe" [2008-04-16 17:36 106496]
    "soujiewu"="C:\WINDOWS\system32\epqrutet.exe" [2008-04-17 01:46 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-02-15 16:02 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-02-15 16:02 126976]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02 860672]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
    "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-16 21:12:04 124400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "AjSu0L2jXz"= C:\Documents and Settings\All Users\Application Data\kpsnarwh\uvujgbah.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\ABC\\ABC.exe"=
    "C:\\WINDOWS\\System32\\LEXPPS.EXE"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Tribler\\tribler.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\PPLive\\PPLive.exe"=
    "C:\\Program Files\\RadLight Company\\RadLight 4.0\\RLKERNEL.EXE"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\ABC\\abc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Bearshare\\BearShare.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\BearFlix\\bearflix.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "17208:TCP"= 17208:TCP:BitComet 17208 TCP
    "17208:UDP"= 17208:UDP:BitComet 17208 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
    S3 mclusb;Freecom USB for Digital Audio Device Driver;C:\WINDOWS\system32\Drivers\mclusb.sys [2002-08-08 17:12]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-24 15:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-17 01:45:56
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    C:\PROGRAM FILES\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
    C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
    C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
    C:\WINDOWS\SYSTEM32\WGATRAY.EXE
    C:\WINDOWS\SYSTEM32\IMAPI.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-04-17 1:51:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-16 23:50:48

    Pre-Run: 35,715,547,136 bytes free
    Post-Run: 35,848,945,664 bytes free
    .
    2008-04-10 12:23:01 --- E O F ---

    • #3
      After this I ran HijackThis again


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:54:53, on 17-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      C:\Documents and Settings\All Users\Application Data\kpsnarwh\uvujgbah.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nuria\Nuria.exe
      C:\WINDOWS\system32\ufmzezed.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
      O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
      O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
      O4 - HKCU\..\Run: [epvqnfmi] C:\WINDOWS\system32\ufmzezed.exe
      O4 - HKCU\..\Run: [soujiewu] C:\WINDOWS\system32\epqrutet.exe
      O4 - HKLM\..\Policies\Explorer\Run: [AjSu0L2jXz] C:\Documents and Settings\All Users\Application Data\kpsnarwh\uvujgbah.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
      O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
      O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

      --
      End of file - 10834 bytes



      • #4
        Open Notepad, copy and paste the following (the bold, blue text) into an empty window:
        File::
          C:\WINDOWS\system32\ufmzezed.exe
          C:\WINDOWS\npqtsrak.exe
          C:\WINDOWS\rtqmekwg.exe

          Folder::
          C:\Documents and Settings\Sijbren Keimpe\Application Data\PC-Cleaner
          C:\Documents and Settings\All Users\Application Data\kpsnarwh

          Registry::
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "epvqnfmi"=-
          "soujiewu"=-
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
          "AjSu0L2jXz"=-
        Save this to your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below: This will make ComboFix restart. After your computer has restarted (if it asks to restart), copy and paste the contents of ComboFix.txt in your next reply.



        • #5
          Thanks for the reply.

          Below is the ComboFix log file, after following the recommended instructions.

          What we are still bothered by are messages along the lines of "Spyware found", reported by a program we never installed on our computer. In the taskbar we also occasionally get a notification saying 'fix problem', with an exclamation mark in a yellow triangle.

          I assume that message is spyware in itself. What should we do to remove the spyware? (If the message appears again, I'll take a screenshot of one of the messages.)

          --------------------------------------------------------------------------



          ComboFix 08-04-15.8 - Sijbren Keimpe 2008-04-17 13:28:08.2 - FAT32x86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.435 [GMT 2:00]
          Running from: C:\Documents and Settings\Sijbren Keimpe\Desktop\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Sijbren Keimpe\Desktop\CFScript.txt
          * Created a new restore point
          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
          FILE ::
          C:\WINDOWS\npqtsrak.exe
          C:\WINDOWS\rtqmekwg.exe
          C:\WINDOWS\system32\ufmzezed.exe
          .
          ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          C:\Documents and Settings\All Users\Application Data\kpsnarwh
          C:\Documents and Settings\All Users\Application Data\kpsnarwh\uvujgbah.exe
          C:\Documents and Settings\Sijbren Keimpe\Application Data\PC-Cleaner
          C:\Documents and Settings\Sijbren Keimpe\Application Data\PC-Cleaner\log.dat
          C:\Documents and Settings\Sijbren Keimpe\Application Data\PC-Cleaner\settings.dat
          C:\WINDOWS\npqtsrak.exe
          C:\WINDOWS\rtqmekwg.exe
          C:\WINDOWS\system32\ufmzezed.exe
          .
          ((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
          .
          2008-04-17 02:34 . 2008-04-17 02:34 94,208 --a------ C:\WINDOWS\system32\ilojatcj.exe
          2008-04-17 02:08 . 2008-04-17 02:08 <DIR> d-------- C:\Program Files\Lavasoft
          2008-04-17 02:08 . 2008-04-17 02:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-04-17 02:08 . 2008-04-17 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-04-17 01:46 . 2008-04-17 01:46 94,208 --a------ C:\WINDOWS\system32\epqrutet.exe
          2008-04-17 01:13 . 2008-04-17 01:13 <DIR> d-------- C:\Program Files\Trend Micro
          2008-04-16 21:11 . 2008-04-16 21:12 <DIR> d-------- C:\Program Files\Google
          2008-04-16 21:10 . 2008-04-16 21:10 873,912 --a------ C:\Google Updater.exe
          2008-04-16 18:01 . 2008-04-16 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2008-04-16 13:06 . 2008-04-16 13:27 28,160 --a------ C:\Opdracht Foucault.doc
          2008-04-06 16:18 . 2008-04-06 16:18 <DIR> d-------- C:\Downloads
          2008-04-02 17:17 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
          2008-04-02 17:17 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
          2008-03-31 15:03 . 2008-03-31 15:03 1,491,592 --a------ C:\install_flash_player.exe
          2008-03-25 20:03 . 2008-03-25 20:03 16,849 --a------ C:\Top_40_singles__Uk_23.03.2008_DHZ.Inc_Release.4095627.TPB.torrent
          2008-03-25 19:56 . 2008-03-25 19:55 8,705,840 --a------ C:\winamp552_full_emusic-7plus_en-us.exe
          2008-03-21 17:21 . 2008-03-21 17:21 6,537,768 --a------ C:\Thunderbird Setup 2.0.0.12.exe
          2008-03-21 17:18 . 2008-03-21 17:18 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
          2008-03-21 17:16 . 2008-03-21 17:17 7,153,624 --a------ C:\Firefox Setup 3.0 Beta 4.exe
          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-04-06 14:18 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
          2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
          2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
          2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
          2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
          2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
          2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
          2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
          2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
          2008-03-13 11:18 --------- d-----w C:\Program Files\Common Files\PC Tools
          2008-03-13 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-03-01 16:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
          2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
          2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
          2008-02-28 15:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
          2008-02-26 18:07 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
          2008-02-26 18:07 --------- d-----w C:\Program Files\Windows Live
          2008-02-26 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
          2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
          2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
          2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
          2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
          2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
          2008-02-18 23:31 6,029,648 ----a-w C:\Firefox_Setup_2.0.0.12.exe
          2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
          2008-02-14 16:12 4,129,768 ----a-w C:\DCPlusPlus-0.699.exe
          2008-02-03 23:49 810,286 ----a-w C:\KB905474_noWGA_patcher.zip
          2005-09-23 18:20 266 --sh--w C:\Program Files\desktop.ini
          2005-09-23 18:20 11,209 ---h--w C:\Program Files\folder.htt
          .
          ((((((((((((((((((((((((((((( [email protected]_ 1.50.01.29 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-04-16 23:45:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
          + 2008-04-17 11:01:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
          + 2008-04-17 00:08:56 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
          + 2008-04-17 00:08:56 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
          + 2008-04-17 00:08:56 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
          + 2008-04-17 00:08:56 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
          + 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
          + 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
          + 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
          + 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
          + 2008-04-17 11:01:50 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_68c.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
          "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 15:53 307200]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
          "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
          "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24 1617920]
          "vjjbtbnk"="C:\WINDOWS\system32\ilojatcj.exe" [2008-04-17 02:34 94208]
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-02-15 16:02 155648]
          "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-02-15 16:02 126976]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
          "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02 860672]
          "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
          "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472]
          "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
          "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
          "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
          C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\LimeWire\\LimeWire.exe"=
          "C:\\Program Files\\ABC\\ABC.exe"=
          "C:\\WINDOWS\\System32\\LEXPPS.EXE"=
          "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
          "C:\\Program Files\\Tribler\\tribler.exe"=
          "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
          "C:\\Program Files\\PPLive\\PPLive.exe"=
          "C:\\Program Files\\RadLight Company\\RadLight 4.0\\RLKERNEL.EXE"=
          "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
          "C:\\ABC\\abc.exe"=
          "C:\\Program Files\\iTunes\\iTunes.exe"=
          "C:\\Bearshare\\BearShare.exe"=
          "C:\\Program Files\\Azureus\\Azureus.exe"=
          "C:\\Program Files\\BearFlix\\bearflix.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
          "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "17208:TCP"= 17208:TCP:BitComet 17208 TCP
          "17208:UDP"= 17208:UDP:BitComet 17208 UDP
          R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
          R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
          R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
          S3 mclusb;Freecom USB for Digital Audio Device Driver;C:\WINDOWS\system32\Drivers\mclusb.sys [2002-08-08 17:12]
          S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
          S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
          S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
          .
          Contents of the 'Scheduled Tasks' folder
          "2008-03-24 15:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************
          catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-04-17 13:29:53
          Windows 5.1.2600 Service Pack 2 FAT NTAPI
          scanning hidden processes ...
          scanning hidden autostart entries ...
          scanning hidden files ...
          scan completed successfully
          hidden files: 0
          **************************************************************************
          .
          Completion time: 2008-04-17 13:30:38
          ComboFix-quarantined-files.txt 2008-04-17 11:30:34
          ComboFix2.txt 2008-04-16 23:51:02
          Pre-Run: 35,709,812,736 bytes free
          Post-Run: 35,697,950,720 bytes free
          .
          2008-04-10 12:23:01 --- E O F ---



          • #6
            Still a few new files, though.

            Open Notepad, copy and paste the following (the bold, blue text) into an empty window:
            File::
              C:\WINDOWS\system32\ilojatcj.exe
              C:\WINDOWS\system32\epqrutet.exe

            Save this to your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below: This will make ComboFix restart. After your computer has restarted (if it asks to restart), copy and paste the contents of ComboFix.txt in your next reply.

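The CFScript procedure in #4 and #6 hand-picks the random-named autostart entries from the HijackThis log and writes them into File::, Folder:: and Registry:: sections. As an added example (not the helper's tool or anything posted in this thread), the Python below scores O4 lines copied from the log above with heuristics chosen for this write-up, renders the flagged ones in that CFScript layout, and also picks out a Run value whose target file is already gone, the `"vjjbtbnk"=... [ ]` leftover that shows up in the later ComboFix log in #9; both sample inputs are constructed from the thread's own lines.

```python
import re

# Constructed sample: a subset of the O4 lines from the HijackThis log above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [epvqnfmi] C:\WINDOWS\system32\ufmzezed.exe
O4 - HKCU\..\Run: [soujiewu] C:\WINDOWS\system32\epqrutet.exe
O4 - HKLM\..\Policies\Explorer\Run: [AjSu0L2jXz] C:\Documents and Settings\All Users\Application Data\kpsnarwh\uvujgbah.exe
"""

# Constructed sample in the layout of ComboFix's "Reg Loading Points" (see #9); "[ ]" = target file is gone.
SAMPLE_REG_POINTS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"vjjbtbnk"="C:\WINDOWS\system32\ilojatcj.exe" [ ]
"""

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(.+?): \[(.*)\] (.*)$')
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
REG_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(.*)\]$')
# Names like "epvqnfmi" or "AjSu0L2jXz": 8-12 lowercase letters, or letters mixed with digits (heuristic, not proof).
RANDOM_NAME_RE = re.compile(r'^(?:[a-z]{8,12}|(?=.*\d)[A-Za-z0-9]{8,12})$')
HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER'}
RUN_BASE = r'SOFTWARE\Microsoft\Windows\CurrentVersion'


def parse_o4(text):
    """Yield (hive, key, value_name, image_path) for each O4 Run entry."""
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.search(m.group(4)) if m else None
        if exe:
            yield m.group(1), m.group(2), m.group(3), exe.group(1)


def indicators(key, name, path):
    """List the indicators one autostart entry trips (heuristics, not proof)."""
    folder, exe = path.rsplit('\\', 1)
    base = exe[:-4].lower()                  # file name without ".exe"
    hits = []
    # 1. machine-looking value name that does not resemble the file name
    if RANDOM_NAME_RE.match(name) and name.lower() not in base and base not in name.lower():
        hits.append('random value name')
    # 2. eight lowercase letters as file name, unrelated to the value name
    if re.fullmatch(r'[a-z]{8}', base) and base != name.lower():
        hits.append('random file name')
    # 3. Policies\Explorer\Run is rarely used by legitimate installers
    if key.lower() == 'policies\\explorer\\run':
        hits.append('policies run key')
    # 4. dropped in the %WINDIR% root or under All Users\Application Data
    if folder.lower() == 'c:\\windows' or '\\all users\\application data\\' in folder.lower():
        hits.append('drop location')
    return hits


def triage(text, threshold=2):
    """Return the O4 entries that trip at least `threshold` indicators."""
    flagged = []
    for hive, key, name, path in parse_o4(text):
        hits = indicators(key, name, path)
        if len(hits) >= threshold:
            flagged.append(dict(hive=hive, key=key, name=name, path=path, why=hits))
    return flagged


def build_cfscript(flagged):
    """Render File:: / Folder:: / Registry:: sections in the layout used in #4."""
    files, folders, reg = [], [], {}
    for e in flagged:
        files.append(e['path'])
        folder = e['path'].rsplit('\\', 1)[0]
        if '\\all users\\application data\\' in folder.lower():
            folders.append(folder)           # take the private drop folder out whole
        full_key = '%s\\%s\\%s' % (HIVES[e['hive']], RUN_BASE, e['key'])
        reg.setdefault(full_key, []).append('"%s"=-' % e['name'])
    out = ['File::'] + files
    if folders:
        out += ['', 'Folder::'] + folders
    out += ['', 'Registry::']
    for full_key, values in reg.items():
        out += ['[%s]' % full_key] + values
    return '\n'.join(out) + '\n'


def orphaned_run_values(text):
    """Return (key, name, path) for Run values whose file ComboFix could not find."""
    key, orphans = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('['):
            key = line[1:-1]
        else:
            m = REG_VALUE_RE.match(line)
            if m and not m.group(3).strip():
                orphans.append((key, m.group(1), m.group(2)))
    return orphans


if __name__ == '__main__':
    flagged = triage(SAMPLE_O4)
    print(build_cfscript(flagged))
    print('orphaned Run values:', orphaned_run_values(SAMPLE_REG_POINTS))
```

The orphan check is the step the #6 script skips: deleting ilojatcj.exe alone leaves the "vjjbtbnk" Run value behind, which is exactly what the log in #9 shows.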


            • #7
              Before I carry out the above (which I'll do next), here is the screenshot first. Apologies for the BMP format ;-)

              http://rapidshare.com/files/108223791/screenshot.bmp.html



              • #8
                Sorry, yet another new message:

                http://rapidshare.com/files/108228268/screenshot2.JPG.html



                • #9
                  After carrying out the last instructions:



                  ComboFix 08-04-15.8 - Sijbren Keimpe 2008-04-17 16:41:20.3 - FAT32x86
                  Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.415 [GMT 2:00]
                  Running from: C:\Documents and Settings\Sijbren Keimpe\Desktop\ComboFix.exe
                  Command switches used :: C:\Documents and Settings\Sijbren Keimpe\Desktop\CFScript.txt
                  * Created a new restore point

                  WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

                  FILE ::
                  C:\WINDOWS\system32\epqrutet.exe
                  C:\WINDOWS\system32\ilojatcj.exe
                  .

                  ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  C:\WINDOWS\system32\epqrutet.exe
                  C:\WINDOWS\system32\ilojatcj.exe

                  .
                  ((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
                  .

                  2008-04-17 02:08 . 2008-04-17 02:08 <DIR> d-------- C:\Program Files\Lavasoft
                  2008-04-17 02:08 . 2008-04-17 02:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                  2008-04-17 02:08 . 2008-04-17 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                  2008-04-17 01:13 . 2008-04-17 01:13 <DIR> d-------- C:\Program Files\Trend Micro
                  2008-04-16 21:11 . 2008-04-16 21:12 <DIR> d-------- C:\Program Files\Google
                  2008-04-16 21:10 . 2008-04-16 21:10 873,912 --a------ C:\Google Updater.exe
                  2008-04-16 18:01 . 2008-04-16 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                  2008-04-16 13:06 . 2008-04-16 13:27 28,160 --a------ C:\Opdracht Foucault.doc
                  2008-04-06 16:18 . 2008-04-06 16:18 <DIR> d-------- C:\Downloads
                  2008-04-02 17:17 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
                  2008-04-02 17:17 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
                  2008-03-31 15:03 . 2008-03-31 15:03 1,491,592 --a------ C:\install_flash_player.exe
                  2008-03-25 20:03 . 2008-03-25 20:03 16,849 --a------ C:\Top_40_singles__Uk_23.03.2008_DHZ.Inc_Release.4095627.TPB.torrent
                  2008-03-25 19:56 . 2008-03-25 19:55 8,705,840 --a------ C:\winamp552_full_emusic-7plus_en-us.exe
                  2008-03-21 17:21 . 2008-03-21 17:21 6,537,768 --a------ C:\Thunderbird Setup 2.0.0.12.exe
                  2008-03-21 17:18 . 2008-03-21 17:18 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
                  2008-03-21 17:16 . 2008-03-21 17:17 7,153,624 --a------ C:\Firefox Setup 3.0 Beta 4.exe

                  .
                  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-04-06 14:18 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
                  2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
                  2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
                  2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
                  2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
                  2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
                  2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
                  2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
                  2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
                  2008-03-13 11:18 --------- d-----w C:\Program Files\Common Files\PC Tools
                  2008-03-13 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
                  2008-03-01 16:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
                  2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
                  2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
                  2008-02-28 15:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
                  2008-02-26 18:07 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
                  2008-02-26 18:07 --------- d-----w C:\Program Files\Windows Live
                  2008-02-26 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                  2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
                  2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                  2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
                  2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                  2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
                  2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
                  2008-02-18 23:31 6,029,648 ----a-w C:\Firefox_Setup_2.0.0.12.exe
                  2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
                  2008-02-14 16:12 4,129,768 ----a-w C:\DCPlusPlus-0.699.exe
                  2008-02-03 23:49 810,286 ----a-w C:\KB905474_noWGA_patcher.zip
                  2005-09-23 18:20 266 --sh--w C:\Program Files\desktop.ini
                  2005-09-23 18:20 11,209 ---h--w C:\Program Files\folder.htt
                  .

                  ((((((((((((((((((((((((((((( [email protected]_ 1.50.01.29 )))))))))))))))))))))))))))))))))))))))))
                  .
                  - 2008-04-16 23:45:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                  + 2008-04-17 13:10:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                  + 2008-04-17 00:08:56 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
                  + 2008-04-17 00:08:56 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
                  + 2008-04-17 00:08:56 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
                  + 2008-04-17 00:08:56 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
                  + 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
                  + 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
                  + 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
                  + 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                  + 2008-04-17 13:10:34 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_6c4.dat
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
                  "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 15:53 307200]
                  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
                  "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
                  "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24 1617920]
                  "vjjbtbnk"="C:\WINDOWS\system32\ilojatcj.exe" [ ]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-02-15 16:02 155648]
                  "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-02-15 16:02 126976]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
                  "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
                  "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
                  "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02 860672]
                  "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
                  "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472]
                  "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
                  "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
                  "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
                  "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
                  "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

                  C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
                  Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "C:\\Program Files\\LimeWire\\LimeWire.exe"=
                  "C:\\Program Files\\ABC\\ABC.exe"=
                  "C:\\WINDOWS\\System32\\LEXPPS.EXE"=
                  "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
                  "C:\\Program Files\\Tribler\\tribler.exe"=
                  "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
                  "C:\\Program Files\\PPLive\\PPLive.exe"=
                  "C:\\Program Files\\RadLight Company\\RadLight 4.0\\RLKERNEL.EXE"=
                  "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                  "C:\\ABC\\abc.exe"=
                  "C:\\Program Files\\iTunes\\iTunes.exe"=
                  "C:\\Bearshare\\BearShare.exe"=
                  "C:\\Program Files\\Azureus\\Azureus.exe"=
                  "C:\\Program Files\\BearFlix\\bearflix.exe"=
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                  "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
                  "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
                  "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                  "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                  "17208:TCP"= 17208:TCP:BitComet 17208 TCP
                  "17208:UDP"= 17208:UDP:BitComet 17208 UDP

                  R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
                  R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
                  R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
                  S3 mclusb;Freecom USB for Digital Audio Device Driver;C:\WINDOWS\system32\Drivers\mclusb.sys [2002-08-08 17:12]
                  S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
                  S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
                  S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

                  .
                  Contents of the 'Scheduled Tasks' folder
                  "2008-03-24 15:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                  - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                  .
                  **************************************************************************

                  catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-04-17 16:44:02
                  Windows 5.1.2600 Service Pack 2 FAT NTAPI

                  scanning hidden processes ...

                  scanning hidden autostart entries ...

                  scanning hidden files ...

                  scan completed successfully
                  hidden files: 0

                  **************************************************************************
                  .
                  Completion time: 2008-04-17 16:44:46
                  ComboFix-quarantined-files.txt 2008-04-17 14:44:44
                  ComboFix3.txt 2008-04-16 23:51:02
                  ComboFix2.txt 2008-04-17 11:30:40

                  Pre-Run: 35,549,839,360 bytes free
                  Post-Run: 35,637,788,672 bytes free
                  .
                  2008-04-10 12:23:01 --- E O F ---



                  • #10
                    Post a HijackThis log and tell us whether there are still any problems.



                    • #11
                      No problems so far, but they may still come. This is the LOG:


                      --------------------------------
                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 17:25:38, on 17-4-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      C:\WINDOWS\system32\LEXBCES.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\system32\LEXPPS.EXE
                      c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      C:\WINDOWS\System32\hkcmd.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\WINDOWS\system32\LVCOMSX.EXE
                      C:\Program Files\Logitech\Video\CameraAssistant.exe
                      C:\WINDOWS\system32\ElkCtrl.exe
                      C:\WINDOWS\system32\WgaTray.exe
                      C:\Program Files\QuickTime\QTTask.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Nuria\Nuria.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\WINDOWS\explorer.exe
                      C:\Program Files\internet explorer\iexplore.exe
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
                      O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
                      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
                      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
                      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
                      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
                      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
                      O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
                      O4 - HKCU\..\Run: [vjjbtbnk] C:\WINDOWS\system32\ilojatcj.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
                      O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
                      O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
                      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
                      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                      O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
                      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

                      --
                      End of file - 9402 bytes
                      Last edited by Hempo; 17-04-08, 17:44.



                      • #12
                        Remove this line with HijackThis:
                        O4 - HKCU\..\Run: [vjjbtbnk] C:\WINDOWS\system32\ilojatcj.exe

                        Go to Start - Run and enter the following:
                        Combofix /U
                        Then press OK.

                        ComboFix will now be removed.



                        • #13
                          OK, no alerts again so far anyway, and it also seems to be running fast and smoothly again.



                          • #14
                            These lines can go as well:
                            O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
                            O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                            O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)


                            Other than that, I don't think we need to do anything else.

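The two cleanup decisions in posts #12 and #14 rest on patterns a helper spots by eye: a Run value with a machine-generated-looking name (ComboFix also listed it with empty "[ ]" metadata, meaning the target file was no longer there), and O9 browser-button entries whose target is "(file missing)". The script below is an added example that turns those two checks into a small triage pass over HijackThis and ComboFix output; it is not part of the thread and not a HijackThis or ComboFix feature. The sample log lines are constructed from the line shapes seen in this thread, and the vowel-density test in `looks_random` is an assumed heuristic, not a rule either tool uses.

```python
"""Triage helper for HijackThis / ComboFix startup listings (added example).

Flags the two patterns acted on in this thread:
  * Run values whose value name looks machine-generated, or which ComboFix
    listed with empty "[ ]" metadata (the target file no longer exists),
  * O9 browser-button entries whose target is "(file missing)".
The sample logs below are constructed from the line shapes in the thread.
"""
import re

VOWELS = set("aeiouy")

# O4 - HKCU\..\Run: [vjjbtbnk] C:\WINDOWS\system32\ilojatcj.exe
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>.+?)\] (?P<cmd>.*)$")
# O9 - Extra button: Poker.com - {CLSID} - C:\...\poker.exe (file missing)
O9_RE = re.compile(
    r"^O9 - Extra (?:button|'Tools' menuitem): (?P<label>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# "vjjbtbnk"="C:\WINDOWS\system32\ilojatcj.exe" [ ]   (ComboFix Reg Loading Points)
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<meta>[^\]]*)\]$')

# Constructed sample input, modelled on lines in this thread (not the full logs).
HJT_SAMPLE = r"""O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
O4 - HKCU\..\Run: [vjjbtbnk] C:\WINDOWS\system32\ilojatcj.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
"""

CF_SAMPLE = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24 1617920]
"vjjbtbnk"="C:\WINDOWS\system32\ilojatcj.exe" [ ]
"""


def looks_random(name: str) -> bool:
    """Assumed heuristic: an all-lowercase, vowel-poor value name like 'vjjbtbnk'.

    Legitimate Run value names are nearly always product names with normal
    vowel density (Nuria, ctfmon.exe, iTunesHelper); generated names tend to
    be 6-12 lowercase letters with few or no vowels. A hint, not proof.
    """
    if not (6 <= len(name) <= 12 and name.isalpha() and name.islower()):
        return False
    vowel_frac = sum(c in VOWELS for c in name) / len(name)
    return vowel_frac < 0.2


def triage_hjt(text: str) -> list:
    """Return findings for suspicious O4 and dead O9 lines in a HijackThis log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            if looks_random(m["name"]):
                findings.append({"line": line, "reason": "random-looking Run value name"})
            continue
        m = O9_RE.match(line)
        if m and m["missing"]:
            findings.append({"line": line, "reason": "browser button target missing on disk"})
    return findings


def triage_combofix(text: str) -> list:
    """Return findings for Run values in a ComboFix 'Reg Loading Points' section."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CF_RUN_RE.match(line)
        if not m:
            continue
        reasons = []
        if not m["meta"].strip():  # "[ ]": ComboFix found no file to stamp
            reasons.append("no file metadata: target absent or unreadable")
        if looks_random(m["name"]):
            reasons.append("random-looking Run value name")
        if reasons:
            findings.append({"line": line, "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE) + triage_combofix(CF_SAMPLE):
        print(f"{f['reason']}\n    {f['line']}")
```

Each finding is only a candidate for a human to confirm, which matches how the thread proceeded: the helper asked for a fresh log after each step rather than acting on the heuristic alone. A ComboFix Run value with both reasons set (generated name, no file on disk) is the strongest signal here, because it is exactly the leftover the helper had the poster remove with HijackThis.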


                            • #15
                              Done.

                              The PC is still slow somehow. And when browsing, an unwanted pop-up or new tab appears now and then, unprompted.

                              What else can we do?
