  • Spyware/Adverts

    Hello, I had left the PC on to download something, but when I came back I got a virus alert. Unfortunately I clicked it away quickly, so I no longer know what it was, in any case a trojan.
    Symptoms of the virus:
    Now and then pop-ups with adverts, and adverts on sites such as techzine.nl are replaced by adverts from the virus. (So they probably want to get rich from it.)

    ATF Cleaner already used, and NOD32 is still scanning. Here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:19:51, on 16-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Mark\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Eset\nod32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [BM73fc0e3c] Rundll32.exe "C:\WINDOWS\system32\uhvkjqdp.dll",s
    O4 - HKLM\..\Run: [70cf3da0] rundll32.exe "C:\WINDOWS\system32\uaghvglc.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 4824 bytes
    Thanks Nucia

  • #2
    Download MBAM (Malwarebytes' Anti-Malware) from here or here.
    • Double-click mbam-setup.exe to install the program.
      • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Voltooien" (Finish).
      • If an update is found, it will be downloaded and installed.
      • When the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.
      • Scanning can take a while, so be patient.
      • When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
      • Make sure everything there is checked, then click: Verwijder geselecteerde (Remove Selected).
      • After removal a log will open and you will be asked to restart the computer. (See below)
      • The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in MBAM.
      • Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

      If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK.
      After that it will ask to restart the computer... so allow MBAM to restart the computer.


    Also post a new HijackThis log.
    Regards,
    Pimmerd



    • #3
      Thanks for the quick reply. I saw that I still got quite a few viruses. It reported about 12; many were Virtumundo.

      This is what I got after startup: (maybe remove manually)


      MBAM log: (Malwarebytes)
      Code:
      Malwarebytes' Anti-Malware 1.12
      Database versie: 755
      
      Scan type: Snelle Scan
      Objecten gescand: 36522
      Verstreken tijd: 3 minute(s), 40 second(s)
      
      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 2
      Registersleutels geïnfecteerd: 9
      Registerwaarden geïnfecteerd: 2
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 9
      
      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      
      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\awtUlLfD.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\uaghvglc.dll (Trojan.Vundo) -> Unloaded module successfully.
      
      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dec29213-8686-44a5-9a1f-fec9cfc1bf8f} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{dec29213-8686-44a5-9a1f-fec9cfc1bf8f} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      
      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70cf3da0 (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM73fc0e3c (Trojan.Agent) -> Delete on reboot.
      
      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtullfd -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtullfd  -> Delete on reboot.
      
      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      
      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\awtUlLfD.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\DfLlUtwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\DfLlUtwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\uaghvglc.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\clgvhgau.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\uhvkjqdp.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\tuvUOEXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\xxyVMfFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\yayvUOHx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

      HijackThis log:

      Code:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:24:45, on 16-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal
      
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\PROGRA~1\LAUNCH~1\LManager.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\DOCUME~1\Mark\LOCALS~1\Temp\RtkBtMnt.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: {dfe03492-42cf-981b-1c24-53f8299810a4} - {4a018992-8f35-42c1-b189-fc2429430efd} - C:\WINDOWS\system32\iltxpnao.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B} - C:\WINDOWS\system32\vtUkjhHB.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
      O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O20 - Winlogon Notify: vtUkjhHB - C:\WINDOWS\SYSTEM32\vtUkjhHB.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      
      --
      End of file - 5209 bytes

      EDIT:

      I still get pop-ups and NOD32 just gave an alert:
      File: C:\Documents and Srtting\Mark\Local Setting\Temporary Intern...\yaypalassamosvala[1]
      Threat: Win32/PrivacySet.A trojan.
      Comment: Event occurred on a new file created by the application: C:\Windows\Explorer.EXE. This file was moves to quarantine. You may close this window.

      Edit 2:
      After scanning again it found 12 files again, 9 of them Trojan.Vundo and 2 or 3 of them Trojan.Agent.

      And I think it is in my Firefox too. Internet is terribly slow. As far as I can tell, adverts are being replaced by adverts from the virus.
      Also, I can no longer get my Windows Updates to work. And searching via Google does not work.

      Edit 3:
      I get pop-ups that are really about nothing. I have had them before; they are about different things. Such as: Your computer is infected, do this and that..... (which I am certainly not going to do..) And things like Adultfinder and porn.

      Also, the advertising banners on websites such as Techzine.nl are being changed. I don't believe for a moment that they put those there themselves. They are changed on almost every site. And that slows Firefox down enormously too. Normally loaded within 1 second, now 10 seconds, if not more. I can always reinstall XP, but hopefully you can still help. Probably run Combofix over it, fix a few lines with HijackThis and then another scan?

      Edit 4:
      After 1 hour of using Firefox I got a Microsoft Visual C++ runtime error.
      Last edited by markolsthoorn; 16-05-08, 17:23.
      Thanks Nucia

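The cross-check a helper would otherwise do by eye on the logs above, as an added example that is not part of the original posts: it diffs the startup entries (O2, O4, O20, O23) of the two HijackThis logs and matches them against the files named in the MBAM log. The inline samples are excerpts copied from those logs; the function names and the choice of sections are assumptions of this example.

```python
import re

# Constructed sample input: excerpts copied from the three logs in this thread.
HJT_BEFORE = r'''
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM73fc0e3c] Rundll32.exe "C:\WINDOWS\system32\uhvkjqdp.dll",s
O4 - HKLM\..\Run: [70cf3da0] rundll32.exe "C:\WINDOWS\system32\uaghvglc.dll",b
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
'''
HJT_AFTER = r'''
O2 - BHO: {dfe03492-42cf-981b-1c24-53f8299810a4} - {4a018992-8f35-42c1-b189-fc2429430efd} - C:\WINDOWS\system32\iltxpnao.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B} - C:\WINDOWS\system32\vtUkjhHB.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: vtUkjhHB - C:\WINDOWS\SYSTEM32\vtUkjhHB.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
'''
MBAM_LOG = r'''
C:\WINDOWS\system32\uaghvglc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uhvkjqdp.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tuvUOEXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
'''

# Sections treated as "loads code at startup" (an assumption of this example):
# O2 = BHO, O4 = Run keys, O20 = Winlogon Notify, O23 = services.
PERSIST = {"O2", "O4", "O20", "O23"}
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)
MBAM_RE = re.compile(r"^([A-Za-z]:\\.+?)\s+\(([^)]+)\)\s+->\s+(.+)$")


def parse_hjt(text):
    """Return {(section, lowercased target): original line} for startup entries."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m or m.group(1) not in PERSIST:
            continue
        p = PATH_RE.search(m.group(2))
        # Entries without a full path (e.g. "nwiz.exe /install") are keyed
        # on their whole text so they still take part in the diff.
        target = p.group(0) if p else m.group(2)
        entries[(m.group(1), target.lower())] = line
    return entries


def parse_mbam_files(text):
    """Return {lowercased path: (detection name, action)} from MBAM file lines."""
    hits = {}
    for raw in text.splitlines():
        m = MBAM_RE.match(raw.strip())
        if m:
            hits[m.group(1).lower()] = (m.group(2), m.group(3))
    return hits


def triage(before, after, mbam):
    """Cross-check two HijackThis logs against the files MBAM reported."""
    b, a, hits = parse_hjt(before), parse_hjt(after), parse_mbam_files(mbam)
    return {
        # startup entries in the first log that point at a file MBAM flagged
        "flagged_before": sorted(k for k in b if k[1] in hits),
        # the same check on the second log: should be empty after cleanup
        "flagged_still_present": sorted(k for k in a if k[1] in hits),
        # entries only in the second log whose file MBAM never mentioned
        "new_not_in_scan": sorted(k for k in a if k not in b and k[1] not in hits),
    }


if __name__ == "__main__":
    for name, keys in triage(HJT_BEFORE, HJT_AFTER, MBAM_LOG).items():
        print(name)
        for section, target in keys:
            print("   ", section, target)
```

Entries under `new_not_in_scan` are a review list, not a verdict: the Java `ssv.dll` BHO appears there alongside `iltxpnao.dll` and `vtUkjhHB.dll`.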


      • #4
        It has gotten a bit out of hand. Internet is now really extremely slow and I can no longer google. I would like to solve it as soon as possible.
        Thanks Nucia



        • #5
          I have also discovered the following viruses: (found by Malwarebytes)

          Trojan.Vundo (7 times) (File, Memory Value and Registry keys)
          (Vundofix.exe unfortunately did not work, could not find them)
          Trojan.Agent (2 times) (file and registry value)
          Malware.Trace (3 times) (Registry keys)
          Thanks Nucia



          • #6
            I let a few previously used programs loose on the laptop.

            About 50 viruses gone; this is what I used:
            VundoFix
            Malwarebytes
            Dr. Web Cure it. [Still running]
            Combofix

            Combofix log:
            Code:
            ComboFix 08-05-15.3 - Mark 2008-05-17 13:33:18.1 - NTFSx86
            Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1043.18.1260 [GMT 2:00]
            Gestart vanuit: G:\ComboFix.exe
             * Nieuw herstelpunt werd aangemaakt
             * Resident AV is active
            
            
            [color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
            .
            
            ((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            
            C:\WINDOWS\pskt.ini
            C:\WINDOWS\system32\Desktop_.ini
            C:\WINDOWS\system32\oXIjmnnn.ini
            C:\WINDOWS\system32\oXIjmnnn.ini2
            C:\WINDOWS\system32\shmvvirw.ini
            C:\WINDOWS\system32\wsmaxupf.ini
            
            .
            ((((((((((((((((((((   Bestanden Gemaakt van 2008-04-17 to 2008-05-17  ))))))))))))))))))))))))))))))
            .
            
            2008-05-16 22:10 . 2008-05-16 22:10	135,680	--a------	C:\WINDOWS\system32\fltoqgdi.dll
            2008-05-16 22:07 . 2008-05-16 22:07	116,736	--a------	C:\WINDOWS\system32\wrivvmhs.dll
            2008-05-16 21:59 . 2008-05-16 21:59	125,952	--a------	C:\WINDOWS\system32\dugnvwfy.dll
            2008-05-16 21:58 . 2008-05-16 21:58	370,688	--a------	C:\WINDOWS\system32\nnnmjIXo.dll
            2008-05-16 17:06 . 2008-05-16 17:23	<DIR>	d--------	C:\Documents and Settings\Mark\.housecall6.6
            2008-05-16 17:06 . 2008-05-16 17:06	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
            2008-05-16 16:34 . 2008-05-16 16:34	135,680	--a------	C:\WINDOWS\system32\eopdgflg.dll
            2008-05-16 16:15 . 2008-05-16 16:15	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
            2008-05-16 16:15 . 2008-05-16 16:15	<DIR>	d--------	C:\Documents and Settings\Mark\Application Data\Malwarebytes
            2008-05-16 16:15 . 2008-05-16 16:15	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
            2008-05-16 16:15 . 2008-05-05 20:46	27,048	--a------	C:\WINDOWS\system32\drivers\mbamcatchme.sys
            2008-05-16 16:15 . 2008-05-05 20:46	15,864	--a------	C:\WINDOWS\system32\drivers\mbam.sys
            2008-05-16 08:19 . 2008-05-16 08:19	<DIR>	d--------	C:\Program Files\Trend Micro
            2008-05-16 05:12 . 2008-05-16 05:12	133,120	--a------	C:\WINDOWS\system32\iltxpnao.dll
            2008-05-16 05:07 . 2008-05-17 13:19	109,821	--a------	C:\WINDOWS\BM73fc0e3c.xml
            2008-05-15 20:22 . 2008-05-15 20:22	<DIR>	d--------	C:\WINDOWS\system32\tenarchlib
            2008-05-15 20:22 . 2008-05-15 20:24	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Tenebril
            2008-05-15 20:22 . 2005-10-08 16:10	499,712	--a------	C:\WINDOWS\system32\msvcp71.dll
            2008-05-15 20:22 . 2005-10-08 16:10	348,160	--a------	C:\WINDOWS\system32\msvcr71.dll
            2008-05-15 20:22 . 2005-10-12 22:10	180,224	--a-s----	C:\WINDOWS\system32\archlib.dll
            2008-05-15 17:42 . 2008-05-15 17:42	<DIR>	d--------	C:\Program Files\Jiffy Gmail Creator
            2008-05-15 17:35 . 2008-05-15 17:54	<DIR>	d--------	C:\WINDOWS\vf_hip
            2008-05-15 17:35 . 2008-05-15 17:36	<DIR>	d--------	C:\Program Files\Hide IP Platinum
            2008-05-15 17:35 . 2008-05-15 17:35	32	--a------	C:\WINDOWS\go
            2008-05-15 16:57 . 2008-05-15 17:16	95,232	--a------	C:\WINDOWS\version.exe
            2008-05-15 16:57 . 2008-05-15 16:57	59,392	--a------	C:\WINDOWS\system32\vtUkjhHB.dll
            2008-05-05 13:09 . 2008-04-08 20:17	<DIR>	d--h-----	C:\Documents and Settings\Gast\Sjablonen
            2008-05-05 13:09 . 2008-05-13 17:18	<DIR>	dr-h-----	C:\Documents and Settings\Gast\Onlangs geopend
            2008-05-05 13:09 . 2008-04-08 22:09	<DIR>	d--h-----	C:\Documents and Settings\Gast\Netwerkprinteromgeving
            2008-05-05 13:09 . 2008-05-13 17:17	<DIR>	dr-------	C:\Documents and Settings\Gast\Mijn documenten
            2008-05-05 13:09 . 2008-04-08 22:09	<DIR>	dr-------	C:\Documents and Settings\Gast\Menu Start
            2008-05-05 13:09 . 2008-05-05 13:09	<DIR>	dr-------	C:\Documents and Settings\Gast\Favorieten
            2008-05-05 13:09 . 2008-04-08 22:09	<DIR>	d--------	C:\Documents and Settings\Gast\Bureaublad
            2008-05-05 13:09 . 2008-05-05 13:09	<DIR>	d--------	C:\Documents and Settings\Gast
            2008-05-05 13:09 . 2008-05-17 13:39	1,024	--ah-----	C:\Documents and Settings\Gast\NtUser.dat.LOG
            2008-05-04 22:14 . 2008-05-04 22:14	9,539,884	--a------	C:\Call.of.Duty.4.Modern.Warfare.7z
            2008-05-02 19:48 . 2008-05-02 19:48	34	--a------	C:\.shadow
            2008-05-01 19:02 . 2008-05-01 19:02	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
            2008-04-26 13:29 . 2008-04-26 13:29	25	--a------	C:\WINDOWS\SW_Win2000X48.DLL
            2008-04-26 13:28 . 2008-04-26 13:28	<DIR>	d--------	C:\Program Files\Softinterface, Inc
            2008-04-24 22:50 . 2008-04-24 22:51	<DIR>	d--------	C:\Program Files\eMule
            2008-04-21 19:15 . 2008-04-30 21:39	63,488	--a------	C:\WINDOWS\system32\ieframe.oca
            2008-04-21 19:08 . 2008-04-26 12:54	<DIR>	d--------	C:\Documents and Settings\Mark\Application Data\LimeWire
            2008-04-21 19:07 . 2008-04-21 19:08	<DIR>	d--------	C:\Program Files\LimeWire
            2008-04-20 19:06 . 2008-05-02 19:56	<DIR>	d--------	C:\Program Files\WarRock
            2008-04-20 18:30 . 2008-04-20 18:30	<DIR>	d--------	C:\WINDOWS\.jagex_cache_32
            2008-04-18 20:24 . 2008-04-18 20:24	<DIR>	d--h-----	C:\WINDOWS\PIF
            2008-04-17 21:13 . 2008-04-17 21:23	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\TrackMania
            2008-04-17 21:09 . 2008-04-17 21:11	<DIR>	d--------	C:\Program Files\TmNationsForever
            2008-04-17 17:50 . 2008-03-01 15:05	6,066,176	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll
            2008-04-17 17:50 . 2007-07-01 05:31	2,455,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dat
            2008-04-17 17:50 . 2007-07-01 05:36	1,032,192	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll.mui
            2008-04-17 17:50 . 2008-03-01 15:05	459,264	-----c---	C:\WINDOWS\system32\dllcache\msfeeds.dll
            2008-04-17 17:50 . 2008-03-01 15:05	383,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dll
            2008-04-17 17:50 . 2008-03-01 15:05	267,776	-----c---	C:\WINDOWS\system32\dllcache\iertutil.dll
            2008-04-17 17:50 . 2008-03-01 15:05	63,488	-----c---	C:\WINDOWS\system32\dllcache\icardie.dll
            2008-04-17 17:50 . 2008-03-01 15:05	52,224	-----c---	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
            2008-04-17 17:50 . 2008-02-22 12:00	13,824	-----c---	C:\WINDOWS\system32\dllcache\ieudinit.exe
            2008-04-17 17:49 . 2008-04-17 17:50	<DIR>	d--------	C:\WINDOWS\system32\nl-nl
            
            .
            (((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-05-15 18:14	---------	d-----w	C:\Documents and Settings\Mark\Application Data\GrabIt
            2008-05-15 15:22	---------	d-----w	C:\Documents and Settings\Mark\Application Data\uTorrent
            2008-05-08 20:01	---------	d-----w	C:\Documents and Settings\Mark\Application Data\FileZilla
            2008-05-06 19:17	---------	d-----w	C:\Program Files\Launch Manager
            2008-05-02 17:57	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
            2008-04-20 17:06	---------	d--h--w	C:\Program Files\InstallShield Installation Information
            2008-04-18 18:22	---------	d-----w	C:\Program Files\ESET
            2008-04-17 16:20	---------	d-----w	C:\Program Files\Hide My IP 2007
            2008-04-16 07:54	---------	d-----w	C:\Program Files\Common Files\Vbox
            2008-04-16 07:53	---------	d-----w	C:\Program Files\Macromedia
            2008-04-15 17:30	---------	d-----w	C:\Documents and Settings\Mark\Application Data\Xfire
            2008-04-15 17:09	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
            2008-04-15 17:09	---------	d-----w	C:\Program Files\Windows Live
            2008-04-15 16:58	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
            2008-04-15 16:23	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Adobe Systems
            2008-04-15 11:53	---------	d-----w	C:\Program Files\Common Files\Adobe
            2008-04-15 11:52	---------	d-----w	C:\Program Files\Common Files\Adobe Systems Shared
            2008-04-14 16:22	---------	d-----w	C:\Program Files\Cheat Engine
            2008-04-13 11:54	---------	d-----w	C:\Program Files\TrackMania Nations ESWC
            2008-04-11 20:44	---------	d-----w	C:\Documents and Settings\NetworkService\Application Data\Xfire
            2008-04-11 20:41	---------	d-----w	C:\Program Files\Common Files\Ahead
            2008-04-11 20:41	---------	d-----w	C:\Program Files\Ahead
            2008-04-11 19:55	---------	d-----w	C:\Program Files\FileZilla FTP Client
            2008-04-11 19:32	---------	d-----w	C:\Documents and Settings\LocalService\Application Data\Xfire
            2008-04-11 19:22	---------	d-----w	C:\Program Files\PSPad editor
            2008-04-11 19:22	---------	d-----w	C:\Documents and Settings\Mark\Application Data\PSpad
            2008-04-11 18:57	---------	d-----w	C:\Program Files\Microsoft.NET
            2008-04-11 16:55	22,328	----a-w	C:\Documents and Settings\Mark\Application Data\PnkBstrK.sys
            2008-04-11 16:41	---------	d-----w	C:\Documents and Settings\Mark\Application Data\TeamViewer
            2008-04-11 16:18	---------	d-----w	C:\Program Files\Activision
            2008-04-11 16:15	---------	d-----w	C:\Program Files\TeamViewer3
            2008-04-10 18:29	---------	d-----w	C:\Program Files\Xfire
            2008-04-10 17:50	---------	d-----w	C:\Program Files\directx
            2008-04-10 17:44	---------	d-----w	C:\Program Files\Windows Media Connect 2
            2008-04-10 17:38	---------	d-----w	C:\Program Files\QuickPar
            2008-04-10 17:22	---------	d-----w	C:\Program Files\SystemRequirementsLab
            2008-04-10 17:22	---------	d-----w	C:\Documents and Settings\Mark\Application Data\SystemRequirementsLab
            2008-04-10 14:45	---------	d-----w	C:\Program Files\Web Publish
            2008-04-10 14:04	---------	d-----w	C:\Program Files\RimArts
            2008-04-10 13:53	---------	d-----w	C:\Documents and Settings\Mark\Application Data\G-Lock Software
            2008-04-10 13:38	---------	d-----w	C:\Program Files\Java
            2008-04-10 13:35	---------	d-----w	C:\Program Files\Common Files\Java
            2008-04-10 13:34	---------	d-----w	C:\Program Files\Email-Business
            2008-04-09 19:30	---------	d-----w	C:\Program Files\FTDv3.8
            2008-04-09 19:21	---------	d-----w	C:\Program Files\GrabIt
            2008-04-09 19:12	---------	d-----w	C:\Documents and Settings\Mark\Application Data\vlc
            2008-04-09 19:11	---------	d-----w	C:\Program Files\VideoLAN
            2008-04-09 19:11	---------	d-----w	C:\Program Files\uTorrent
            2008-04-08 19:52	---------	d-----w	C:\Documents and Settings\Mark\Application Data\Nexon
            2008-04-08 19:51	---------	d-----w	C:\Program Files\Common Files\INCA Shared
            2008-04-08 19:09	512,096	----a-w	C:\WINDOWS\system32\drivers\amon.sys
            2008-04-08 19:09	15,424	----a-w	C:\WINDOWS\system32\drivers\nod32drv.sys
            2008-04-08 18:59	---------	d-----w	C:\Program Files\Common Files\snp2uvc
            2008-04-08 18:58	---------	d-----w	C:\Program Files\Acer
            2008-04-08 18:57	---------	d-----w	C:\Program Files\Broadcom
            2008-04-08 18:56	---------	d-----w	C:\Program Files\Atheros
            2008-04-08 18:55	0	---ha-w	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
            2008-04-08 18:55	0	---ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
            2008-04-08 18:55	---------	d-----w	C:\Program Files\Synaptics
            2008-04-08 18:55	---------	d-----w	C:\Program Files\Common Files\InstallShield
            2008-04-08 18:55	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Atheros
            2008-04-08 18:54	---------	d-----w	C:\Program Files\CONEXANT
            2008-04-08 18:54	---------	d-----w	C:\Program Files\Apoint2K
            2008-04-08 18:52	315,392	----a-w	C:\WINDOWS\HideWin.exe
            2008-04-08 18:52	---------	d-----w	C:\Program Files\Realtek
            2008-04-08 18:50	---------	d-----w	C:\Program Files\DIFX
            2008-04-08 18:49	---------	d-----w	C:\Documents and Settings\Mark\Application Data\InstallShield
            2008-04-08 18:22	---------	d-----w	C:\Program Files\microsoft frontpage
            .
            [code]<pre>
            ----a-w           415,504 2007-08-15 20:31:30  C:\Documents and Settings\Mark\Mijn documenten\Mark\U3 Software\U3 software\Portable Menu's\Ceedo\CeedoInstaller2.1.0.22 .exe
            </pre>

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261B8287-F13A-4F6A-8697-DB9594E479C2}]
            2008-05-16 21:58 370688 --a------ C:\WINDOWS\system32\nnnmjIXo.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3c178c08-4e50-4715-b3a5-dbd508aa7a26}]
            2008-05-16 22:10 135680 --a------ C:\WINDOWS\system32\fltoqgdi.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B}]
            2008-05-15 16:57 59392 --a------ C:\WINDOWS\system32\vtUkjhHB.dll

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
            "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 23:11 8433664]
            "nwiz"="nwiz.exe" [2007-07-23 23:12 1626112 C:\WINDOWS\system32\nwiz.exe]
            "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 23:11 81920]
            "RTHDCPL"="RTHDCPL.EXE" [2007-07-23 23:12 16342528 C:\WINDOWS\RTHDCPL.exe]
            "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-23 23:12 159744]
            "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-23 23:13 827392]
            "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-23 23:13 752136]
            "BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]
            "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-08 21:09 950664]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
            "70cf3da0"="C:\WINDOWS\system32\wrivvmhs.dll" [2008-05-16 22:07 116736]
            "BM73fc0e3c"="C:\WINDOWS\system32\dugnvwfy.dll" [2008-05-16 21:59 125952]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
            "{F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B}"= C:\WINDOWS\system32\vtUkjhHB.dll [2008-05-15 16:57 59392]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkjhHB]
            vtUkjhHB.dll 2008-05-15 16:57 59392 C:\WINDOWS\system32\vtUkjhHB.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
            "VIDC.XFR1"= xfcodec.dll

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
            @="Driver"

            [HKLM\~\startupfolder\C:^Documents and Settings^Mark^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
            path=C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
            backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

            [HKLM\~\startupfolder\C:^Documents and Settings^Mark^Menu Start^Programma's^Opstarten^Xfire.lnk]
            path=C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Xfire.lnk
            backup=C:\WINDOWS\pss\Xfire.lnkStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "C:\\Program Files\\uTorrent\\uTorrent.exe"=
            "C:\\UnrealTournament\\System\\UnrealTournament.exe"=
            "C:\\Program Files\\Xfire\\xfire.exe"=
            "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
            "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
            "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
            "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
            "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
            "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "C:\\Program Files\\TmNationsForever\\TmForever.exe"=
            "C:\\Program Files\\eMule\\emule.exe"=

            R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-23 23:11]

            .
            **************************************************************************

            catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-05-17 13:40:01
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...


            **************************************************************************
            .
            --------------------- DLLs Geladen Onder Lopende Processen ---------------------

            PROCESS: C:\WINDOWS\system32\winlogon.exe
            -> C:\WINDOWS\system32\vtUkjhHB.dll

            PROCESS: C:\WINDOWS\explorer.exe
            -> C:\WINDOWS\system32\wrivvmhs.dll
            -> C:\WINDOWS\system32\dugnvwfy.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\Program Files\ESET\nod32krn.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\PnkBstrB.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\DOCUME~1\Mark\LOCALS~1\Temp\RtkBtMnt.exe
            .
            **************************************************************************
            .
            Voltooingstijd: 2008-05-17 13:44:59 - machine was rebooted [Mark]
            ComboFix-quarantined-files.txt 2008-05-17 11:43:52

            Pre-Run: 93,351,374,848 bytes beschikbaar
            Post-Run: 93,301,473,280 bytes beschikbaar

            247 --- E O F --- 2008-05-15 12:11:24
            [/CODE]

            VundoFix log:
            Code:
            VundoFix V7.0.3
            
            Scan started at 13:57:16 17-5-2008
            
            Listing files found while scanning....
            
            No infected files were found.
            
            
            VundoFix V7.0.3
            
            Scan started at 14:19:24 17-5-2008
            
            Listing files found while scanning....
            
            No infected files were found.
            
            
            Beginning removal...
            
            VundoFix V7.0.3
            
            Scan started at 14:38:57 17-5-2008
            
            Listing files found while scanning....

            One last HijackThis log; maybe you can still find something malicious in it?

            Code:
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 14:50:40, on 17-5-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
            Boot mode: Normal
            
            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Eset\nod32krn.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\PnkBstrB.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\WINDOWS\RTHDCPL.EXE
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\PROGRA~1\LAUNCH~1\LManager.exe
            C:\Program Files\Eset\nod32kui.exe
            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\DOCUME~1\Mark\LOCALS~1\Temp\RtkBtMnt.exe
            C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
            C:\Documents and Settings\Mark\Bureaublad\cureit.exe
            C:\Documents and Settings\Mark\Bureaublad\VundoFix.exe
            C:\DOCUME~1\Mark\LOCALS~1\Temp\RarSFX0\_start.exe
            C:\DOCUME~1\Mark\LOCALS~1\Temp\RarSFX0\setup.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
            
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: {248d2a93-de38-bfc8-85d4-bae2fd7e3ff2} - {2ff3e7df-2eab-4d58-8cfb-83ed39a2d842} - C:\WINDOWS\system32\rwmutrnx.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: (no name) - {C83DE8F6-32C9-4011-9EF9-66D7B6068435} - C:\WINDOWS\system32\nnnmjIXo.dll (file missing)
            O2 - BHO: (no name) - {F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B} - C:\WINDOWS\system32\vtUkjhHB.dll
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
            O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
            O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
            O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O20 - Winlogon Notify: vtUkjhHB - C:\WINDOWS\SYSTEM32\vtUkjhHB.dll
            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
            O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
            
            --
            End of file - 5506 bytes
            I don't think these are quite right:
            O2 - BHO: (no name) - {C83DE8F6-32C9-4011-9EF9-66D7B6068435} - C:\WINDOWS\system32\nnnmjIXo.dll (file missing)
            O2 - BHO: (no name) - {F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B} - C:\WINDOWS\system32\vtUkjhHB.dll



            20 minutes later:

            Malware.Trace found

            Code:
            Malwarebytes' Anti-Malware 1.12
            Database versie: 755
            
            Scan type: Snelle Scan
            Objecten gescand: 36300
            Verstreken tijd: 8 minute(s), 35 second(s)
            
            Geheugenprocessen geïnfecteerd: 0
            Geheugenmodulen geïnfecteerd: 0
            Registersleutels geïnfecteerd: 1
            Registerwaarden geïnfecteerd: 0
            Registerdata bestanden geïnfecteerd: 0
            Mappen geïnfecteerd: 0
            Bestanden geïnfecteerd: 0
            
            Geheugenprocessen geïnfecteerd:
            (Geen kwaadaardige items gevonden)
            
            Geheugenmodulen geïnfecteerd:
            (Geen kwaadaardige items gevonden)
            
            Registersleutels geïnfecteerd:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
            
            Registerwaarden geïnfecteerd:
            (Geen kwaadaardige items gevonden)
            
            Registerdata bestanden geïnfecteerd:
            (Geen kwaadaardige items gevonden)
            
            Mappen geïnfecteerd:
            (Geen kwaadaardige items gevonden)
            
            Bestanden geïnfecteerd:
            (Geen kwaadaardige items gevonden)
            Last edited by markolsthoorn; 17-05-08, 14:56.
            Thanks, Nucia



            • #7
              Please don't start experimenting with all sorts of tools on your own; this can sometimes turn out badly for your computer.

              Uninstall ComboFix:
              Go to Start --> Run and type: combofix /u

              Download ComboFix again, create a log with it, and post it:
              Regards,
              Pimmerd



              • #8
                Okay, I did it, but the viruses are noticeably still not gone.

                ComboFix 08-05-15.3 - Mark 2008-05-18 0:10:12.2 - NTFSx86
                Gestart vanuit: C:\Documents and Settings\Mark\Bureaublad\ComboFix.exe
                * Resident AV is active


                WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                .

                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                C:\WINDOWS\pskt.ini
                C:\WINDOWS\system32\FghhOUvw.ini
                C:\WINDOWS\system32\FghhOUvw.ini2
                C:\WINDOWS\system32\menwwlbk.ini
                C:\WINDOWS\system32\oXIjmnnn.ini
                C:\WINDOWS\system32\oXIjmnnn.ini2

                .
                (((((((((((((((((((( Bestanden Gemaakt van 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))
                .

                2008-05-18 00:16 . 2008-05-18 00:16 22 --a------ C:\WINDOWS\pskt.ini
                2008-05-18 00:11 . 2008-05-18 00:16 294 ---hs---- C:\WINDOWS\system32\menwwlbk.ini
                2008-05-17 15:55 . 2008-05-17 15:55 134,144 --a------ C:\WINDOWS\system32\epaimmcs.dll
                2008-05-17 15:49 . 2008-05-17 15:49 116,224 --a------ C:\WINDOWS\system32\kblwwnem.dll
                2008-05-17 15:44 . 2008-05-17 15:44 125,952 --a------ C:\WINDOWS\system32\qiebcyra.dll
                2008-05-17 15:43 . 2008-05-17 15:43 371,712 --a------ C:\WINDOWS\system32\wvUOhhgF.dll
                2008-05-17 14:39 . 2008-05-17 14:39 <DIR> d-------- C:\Documents and Settings\Mark\DoctorWeb
                2008-05-17 13:57 . 2008-05-17 13:57 <DIR> d-------- C:\VundoFix Backups
                2008-05-17 13:55 . 2008-05-17 13:55 134,144 --a------ C:\WINDOWS\system32\rwmutrnx.dll
                2008-05-17 13:51 . 2008-05-17 13:51 125,952 --a------ C:\WINDOWS\system32\ryvlrlmn.dll
                2008-05-16 22:10 . 2008-05-16 22:10 135,680 --a------ C:\WINDOWS\system32\fltoqgdi.dll
                2008-05-16 17:06 . 2008-05-16 17:23 <DIR> d-------- C:\Documents and Settings\Mark\.housecall6.6
                2008-05-16 17:06 . 2008-05-16 17:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
                2008-05-16 16:34 . 2008-05-16 16:34 135,680 --a------ C:\WINDOWS\system32\eopdgflg.dll
                2008-05-16 16:15 . 2008-05-16 16:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                2008-05-16 16:15 . 2008-05-16 16:15 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Malwarebytes
                2008-05-16 16:15 . 2008-05-16 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                2008-05-16 16:15 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
                2008-05-16 16:15 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
                2008-05-16 08:19 . 2008-05-16 08:19 <DIR> d-------- C:\Program Files\Trend Micro
                2008-05-16 05:12 . 2008-05-16 05:12 133,120 --a------ C:\WINDOWS\system32\iltxpnao.dll
                2008-05-16 05:07 . 2008-05-18 00:16 109,803 --a------ C:\WINDOWS\BM73fc0e3c.xml
                2008-05-15 20:22 . 2008-05-15 20:22 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
                2008-05-15 20:22 . 2008-05-15 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
                2008-05-15 20:22 . 2005-10-08 16:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
                2008-05-15 20:22 . 2005-10-08 16:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
                2008-05-15 20:22 . 2005-10-12 22:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
                2008-05-15 17:35 . 2008-05-15 17:54 <DIR> d-------- C:\WINDOWS\vf_hip
                2008-05-15 17:35 . 2008-05-15 17:36 <DIR> d-------- C:\Program Files\Hide IP Platinum
                2008-05-15 17:35 . 2008-05-15 17:35 32 --a------ C:\WINDOWS\go
                2008-05-15 16:57 . 2008-05-15 17:16 95,232 --a------ C:\WINDOWS\version.exe
                2008-05-15 16:57 . 2008-05-15 16:57 59,392 --a------ C:\WINDOWS\system32\vtUkjhHB.dll
                2008-05-05 13:09 . 2008-04-08 20:17 <DIR> d--h----- C:\Documents and Settings\Gast\Sjablonen
                2008-05-05 13:09 . 2008-05-13 17:18 <DIR> dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
                2008-05-05 13:09 . 2008-04-08 22:09 <DIR> d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
                2008-05-05 13:09 . 2008-05-13 17:17 <DIR> dr------- C:\Documents and Settings\Gast\Mijn documenten
                2008-05-05 13:09 . 2008-04-08 22:09 <DIR> dr------- C:\Documents and Settings\Gast\Menu Start
                2008-05-05 13:09 . 2008-05-05 13:09 <DIR> dr------- C:\Documents and Settings\Gast\Favorieten
                2008-05-05 13:09 . 2008-04-08 22:09 <DIR> d-------- C:\Documents and Settings\Gast\Bureaublad
                2008-05-05 13:09 . 2008-05-05 13:09 <DIR> d-------- C:\Documents and Settings\Gast
                2008-05-05 13:09 . 2008-05-18 00:15 1,024 --ah----- C:\Documents and Settings\Gast\NtUser.dat.LOG
                2008-05-04 22:14 . 2008-05-04 22:14 9,539,884 --a------ C:\Call.of.Duty.4.Modern.Warfare.7z
                2008-05-02 19:48 . 2008-05-02 19:48 34 --a------ C:\.shadow
                2008-05-01 19:02 . 2008-05-01 19:02 <DIR> d-------- C:\WINDOWS\Downloaded Installations
                2008-04-26 13:29 . 2008-04-26 13:29 25 --a------ C:\WINDOWS\SW_Win2000X48.DLL
                2008-04-26 13:28 . 2008-04-26 13:28 <DIR> d-------- C:\Program Files\Softinterface, Inc
                2008-04-24 22:50 . 2008-04-24 22:51 <DIR> d-------- C:\Program Files\eMule
                2008-04-21 19:15 . 2008-04-30 21:39 63,488 --a------ C:\WINDOWS\system32\ieframe.oca
                2008-04-21 19:08 . 2008-04-26 12:54 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\LimeWire
                2008-04-21 19:07 . 2008-04-21 19:08 <DIR> d-------- C:\Program Files\LimeWire
                2008-04-20 19:06 . 2008-05-02 19:56 <DIR> d-------- C:\Program Files\WarRock
                2008-04-20 18:30 . 2008-04-20 18:30 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
                2008-04-18 20:24 . 2008-04-18 20:24 <DIR> d--h----- C:\WINDOWS\PIF
                2008-04-17 21:13 . 2008-04-17 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
                2008-04-17 21:09 . 2008-04-17 21:11 <DIR> d-------- C:\Program Files\TmNationsForever
                2008-04-17 17:50 . 2008-03-01 15:05 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
                2008-04-17 17:50 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
                2008-04-17 17:50 . 2007-07-01 05:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
                2008-04-17 17:50 . 2008-03-01 15:05 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
                2008-04-17 17:50 . 2008-03-01 15:05 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
                2008-04-17 17:50 . 2008-03-01 15:05 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
                2008-04-17 17:50 . 2008-03-01 15:05 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
                2008-04-17 17:50 . 2008-03-01 15:05 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                2008-04-17 17:50 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
                2008-04-17 17:49 . 2008-04-17 17:50 <DIR> d-------- C:\WINDOWS\system32\nl-nl

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-05-17 22:11 1,466,368 ----a-w C:\WINDOWS\system32\menwwlbk.tmp
                2008-05-17 16:52 --------- d-----w C:\Program Files\Cheat Engine
                2008-05-15 18:14 --------- d-----w C:\Documents and Settings\Mark\Application Data\GrabIt
                2008-05-15 15:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\uTorrent
                2008-05-08 20:01 --------- d-----w C:\Documents and Settings\Mark\Application Data\FileZilla
                2008-05-06 19:17 --------- d-----w C:\Program Files\Launch Manager
                2008-05-02 17:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
                2008-05-02 17:57 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
                2008-04-25 08:36 98,304 ----a-w C:\WINDOWS\system32\DVM.dll
                2008-04-22 21:13 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
                2008-04-20 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
                2008-04-18 18:22 --------- d-----w C:\Program Files\ESET
                2008-04-17 16:20 --------- d-----w C:\Program Files\Hide My IP 2007
                2008-04-16 07:54 --------- d-----w C:\Program Files\Common Files\Vbox
                2008-04-16 07:53 --------- d-----w C:\Program Files\Macromedia
                2008-04-15 17:30 --------- d-----w C:\Documents and Settings\Mark\Application Data\Xfire
                2008-04-15 17:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
                2008-04-15 17:09 --------- d-----w C:\Program Files\Windows Live
                2008-04-15 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                2008-04-15 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
                2008-04-15 11:53 --------- d-----w C:\Program Files\Common Files\Adobe
                2008-04-15 11:52 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
                2008-04-13 11:54 --------- d-----w C:\Program Files\TrackMania Nations ESWC
                2008-04-12 12:39 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
                2008-04-11 20:44 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
                2008-04-11 20:41 --------- d-----w C:\Program Files\Common Files\Ahead
                2008-04-11 20:41 --------- d-----w C:\Program Files\Ahead
                2008-04-11 19:55 --------- d-----w C:\Program Files\FileZilla FTP Client
                2008-04-11 19:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
                2008-04-11 19:22 --------- d-----w C:\Program Files\PSPad editor
                2008-04-11 19:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\PSpad
                2008-04-11 18:57 --------- d-----w C:\Program Files\Microsoft.NET
                2008-04-11 16:55 22,328 ----a-w C:\Documents and Settings\Mark\Application Data\PnkBstrK.sys
                2008-04-11 16:41 --------- d-----w C:\Documents and Settings\Mark\Application Data\TeamViewer
                2008-04-11 16:18 --------- d-----w C:\Program Files\Activision
                2008-04-11 16:15 --------- d-----w C:\Program Files\TeamViewer3
                2008-04-10 18:29 --------- d-----w C:\Program Files\Xfire
                2008-04-10 17:50 --------- d-----w C:\Program Files\directx
                2008-04-10 17:44 --------- d-----w C:\Program Files\Windows Media Connect 2
                2008-04-10 17:38 --------- d-----w C:\Program Files\QuickPar
                2008-04-10 17:22 --------- d-----w C:\Program Files\SystemRequirementsLab
                2008-04-10 17:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\SystemRequirementsLab
                2008-04-10 14:45 --------- d-----w C:\Program Files\Web Publish
                2008-04-10 14:04 --------- d-----w C:\Program Files\RimArts
                2008-04-10 13:53 --------- d-----w C:\Documents and Settings\Mark\Application Data\G-Lock Software
                2008-04-10 13:38 --------- d-----w C:\Program Files\Java
                2008-04-10 13:35 --------- d-----w C:\Program Files\Common Files\Java
                2008-04-10 13:34 --------- d-----w C:\Program Files\Email-Business
                2008-04-09 19:30 --------- d-----w C:\Program Files\FTDv3.8
                2008-04-09 19:21 --------- d-----w C:\Program Files\GrabIt
                2008-04-09 19:12 --------- d-----w C:\Documents and Settings\Mark\Application Data\vlc
                2008-04-09 19:11 --------- d-----w C:\Program Files\VideoLAN
                2008-04-09 19:11 --------- d-----w C:\Program Files\uTorrent
                2008-04-08 19:52 --------- d-----w C:\Documents and Settings\Mark\Application Data\Nexon
                2008-04-08 19:51 --------- d-----w C:\Program Files\Common Files\INCA Shared
                2008-04-08 19:09 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
                2008-04-08 19:09 299,392 ----a-w C:\WINDOWS\system32\imon.dll
                2008-04-08 19:09 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
                2008-04-08 18:59 --------- d-----w C:\Program Files\Common Files\snp2uvc
                2008-04-08 18:58 --------- d-----w C:\Program Files\Acer
                2008-04-08 18:57 --------- d-----w C:\Program Files\Broadcom
                2008-04-08 18:56 --------- d-----w C:\Program Files\Atheros
                2008-04-08 18:55 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
                2008-04-08 18:55 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
                2008-04-08 18:55 --------- d-----w C:\Program Files\Synaptics
                2008-04-08 18:55 --------- d-----w C:\Program Files\Common Files\InstallShield
                2008-04-08 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
                2008-04-08 18:54 --------- d-----w C:\Program Files\CONEXANT
                2008-04-08 18:54 --------- d-----w C:\Program Files\Apoint2K
                2008-04-08 18:52 315,392 ----a-w C:\WINDOWS\HideWin.exe
                2008-04-08 18:52 --------- d-----w C:\Program Files\Realtek
                2008-04-08 18:50 --------- d-----w C:\Program Files\DIFX
                2008-04-08 18:49 --------- d-----w C:\Documents and Settings\Mark\Application Data\InstallShield
                2008-04-08 18:22 --------- d-----w C:\Program Files\microsoft frontpage
                2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
                2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
                2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
                2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
                2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                .
                Code:
                <pre>
                ----a-w           415,504 2007-08-15 20:31:30  C:\Documents and Settings\Mark\Mijn documenten\Mark\U3 Software\U3 software\Portable Menu's\Ceedo\CeedoInstaller2.1.0.22 .exe
                </pre>

                ((((((((((((((((((((((((((((( [email protected]_13.43.18.06 )))))))))))))))))))))))))))))))))))))))))
                .
                - 2008-05-17 11:39:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                + 2008-05-17 22:15:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                - 2008-05-17 11:11:16 60,958 ----a-w C:\WINDOWS\system32\perfc009.dat
                + 2008-05-17 12:40:08 60,958 ----a-w C:\WINDOWS\system32\perfc009.dat
                - 2008-05-17 11:11:16 80,140 ----a-w C:\WINDOWS\system32\perfc013.dat
                + 2008-05-17 12:40:09 80,140 ----a-w C:\WINDOWS\system32\perfc013.dat
                - 2008-05-17 11:11:16 400,798 ----a-w C:\WINDOWS\system32\perfh009.dat
                + 2008-05-17 12:40:08 400,798 ----a-w C:\WINDOWS\system32\perfh009.dat
                - 2008-05-17 11:11:16 465,342 ----a-w C:\WINDOWS\system32\perfh013.dat
                + 2008-05-17 12:40:09 465,342 ----a-w C:\WINDOWS\system32\perfh013.dat
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ac95d52-de3b-452e-9934-0f887637ffe1}]
                2008-05-17 15:55 134144 --a------ C:\WINDOWS\system32\epaimmcs.dll

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C83DE8F6-32C9-4011-9EF9-66D7B6068435}]
                C:\WINDOWS\system32\nnnmjIXo.dll

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE3A39DD-7E69-4197-AEB9-CE7A3F0E02E7}]
                2008-05-17 15:43 371712 --a------ C:\WINDOWS\system32\wvUOhhgF.dll

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B}]
                2008-05-15 16:57 59392 --a------ C:\WINDOWS\system32\vtUkjhHB.dll

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
                "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
                "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 23:11 8433664]
                "nwiz"="nwiz.exe" [2007-07-23 23:12 1626112 C:\WINDOWS\system32\nwiz.exe]
                "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 23:11 81920]
                "RTHDCPL"="RTHDCPL.EXE" [2007-07-23 23:12 16342528 C:\WINDOWS\RTHDCPL.exe]
                "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-23 23:12 159744]
                "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-23 23:13 827392]
                "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-23 23:13 752136]
                "BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]
                "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-08 21:09 950664]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
                "70cf3da0"="C:\WINDOWS\system32\kblwwnem.dll" [2008-05-17 15:49 116224]
                "BM73fc0e3c"="C:\WINDOWS\system32\qiebcyra.dll" [2008-05-17 15:44 125952]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                "{F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B}"= C:\WINDOWS\system32\vtUkjhHB.dll [2008-05-15 16:57 59392]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkjhHB]
                vtUkjhHB.dll 2008-05-15 16:57 59392 C:\WINDOWS\system32\vtUkjhHB.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "VIDC.XFR1"= xfcodec.dll

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                @="Driver"

                [HKLM\~\startupfolder\C:^Documents and Settings^Mark^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
                path=C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
                backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

                [HKLM\~\startupfolder\C:^Documents and Settings^Mark^Menu Start^Programma's^Opstarten^Xfire.lnk]
                path=C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Xfire.lnk
                backup=C:\WINDOWS\pss\Xfire.lnkStartup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "C:\\Program Files\\uTorrent\\uTorrent.exe"=
                "C:\\UnrealTournament\\System\\UnrealTournament.exe"=
                "C:\\Program Files\\Xfire\\xfire.exe"=
                "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
                "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
                "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
                "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
                "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "C:\\Program Files\\TmNationsForever\\TmForever.exe"=
                "C:\\Program Files\\eMule\\emule.exe"=

                R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-23 23:11]

                .
                **************************************************************************

                catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-05-18 00:16:28
                Windows 5.1.2600 Service Pack 2 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...


                C:\WINDOWS\system32\menwwlbk.ini 294 bytes

                Scan succesvol afgerond
                verborgen bestanden: 1

                **************************************************************************
                .
                --------------------- DLLs Geladen Onder Lopende Processen ---------------------

                PROCESS: C:\WINDOWS\system32\winlogon.exe
                -> C:\WINDOWS\system32\vtUkjhHB.dll

                PROCESS: C:\WINDOWS\explorer.exe
                -> C:\WINDOWS\system32\kblwwnem.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                C:\Program Files\ESET\nod32krn.exe
                C:\WINDOWS\system32\nvsvc32.exe
                C:\WINDOWS\system32\PnkBstrA.exe
                C:\WINDOWS\system32\PnkBstrB.exe
                C:\WINDOWS\system32\rundll32.exe
                C:\WINDOWS\system32\rundll32.exe
                C:\WINDOWS\system32\rundll32.exe
                C:\DOCUME~1\Mark\LOCALS~1\temp\RtkBtMnt.exe
                .
                **************************************************************************
                .
                Voltooingstijd: 2008-05-18 0:20:40 - machine was rebooted
                ComboFix-quarantined-files.txt 2008-05-17 22:20:34
                ComboFix2.txt 2008-05-17 11:45:00

                Pre-Run: 93,367,975,936 bytes beschikbaar
                Post-Run: 93,358,878,720 bytes beschikbaar

                282 --- E O F --- 2008-05-15 12:11:24
                Thanks Nucia



                • #9
                  Open Notepad, then copy and paste the following (bold text) into an empty window:

                  File::
                  C:\WINDOWS\pskt.ini
                  C:\WINDOWS\system32\menwwlbk.ini
                  C:\WINDOWS\system32\epaimmcs.dll
                  C:\WINDOWS\system32\kblwwnem.dll
                  C:\WINDOWS\system32\qiebcyra.dll
                  C:\WINDOWS\system32\wvUOhhgF.dll
                  C:\WINDOWS\system32\rwmutrnx.dll
                  C:\WINDOWS\system32\ryvlrlmn.dll
                  C:\WINDOWS\system32\fltoqgdi.dll
                  C:\WINDOWS\system32\eopdgflg.dll
                  C:\WINDOWS\system32\iltxpnao.dll
                  C:\WINDOWS\BM73fc0e3c.xml
                  C:\WINDOWS\version.exe
                  C:\WINDOWS\system32\vtUkjhHB.dll
                  C:\WINDOWS\system32\menwwlbk.tmp
                  C:\WINDOWS\system32\menwwlbk.ini
                  C:\WINDOWS\system32\vtUkjhHB.dll
                  C:\WINDOWS\system32\kblwwnem.dll

                  Folder::
                  C:\VundoFix Backups

                  RENV::
                  C:\Documents and Settings\Mark\Mijn documenten\Mark\U3 Software\U3 software\Portable Menu's\Ceedo\CeedoInstaller2.1.0.22 .exe

                  Registry::
                  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ac95d52-de3b-452e-9934-0f887637ffe1}]
                  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C83DE8F6-32C9-4011-9EF9-66D7B6068435}]
                  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE3A39DD-7E69-4197-AEB9-CE7A3F0E02E7}]
                  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B}]
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "70cf3da0"=-
                  "BM73fc0e3c"=-
                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                  "{F535AA22-81FC-4ADD-8CF6-D1D9DDE7B56B}"=-
                  [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUkjhHB]

                  Save this to your Desktop as CFScript.txt

                  Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                  This will cause ComboFix to restart.
                  Reboot if you are asked to,
                  and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

                  How are your problems now?
                  Regards,
                  Pimmerd



                  • #10
                    It deleted the CFScript right away when I saved it; later it didn't, but then it gave an installation error, so apparently it had been deleted while it was in use. But after 3 tries I think it worked.

                    ComboFix 08-05-15.3 - Mark 2008-05-19 14:42:42.3 - NTFSx86
                    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1296 [GMT 2:00]
                    Gestart vanuit: C:\Documents and Settings\Mark\Bureaublad\ComboFix.exe
                    Command switches used :: C:\Documents and Settings\Mark\Bureaublad\CFScript.txt
                    * Nieuw herstelpunt werd aangemaakt
                    * Resident AV is active


                    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                    FILE ::
                    C:\WINDOWS\BM73fc0e3c.xml
                    C:\WINDOWS\pskt.ini
                    C:\WINDOWS\system32\eopdgflg.dll
                    C:\WINDOWS\system32\epaimmcs.dll
                    C:\WINDOWS\system32\fltoqgdi.dll
                    C:\WINDOWS\system32\iltxpnao.dll
                    C:\WINDOWS\system32\kblwwnem.dll
                    C:\WINDOWS\system32\menwwlbk.ini
                    C:\WINDOWS\system32\menwwlbk.tmp
                    C:\WINDOWS\system32\qiebcyra.dll
                    C:\WINDOWS\system32\rwmutrnx.dll
                    C:\WINDOWS\system32\ryvlrlmn.dll
                    C:\WINDOWS\system32\vtUkjhHB.dll
                    C:\WINDOWS\system32\wvUOhhgF.dll
                    C:\WINDOWS\version.exe
                    .

                    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    C:\VundoFix Backups
                    C:\WINDOWS\BM73fc0e3c.xml
                    C:\WINDOWS\pskt.ini
                    C:\WINDOWS\SW_Win2000X48.DLL
                    C:\WINDOWS\system32\eopdgflg.dll
                    C:\WINDOWS\system32\epaimmcs.dll
                    C:\WINDOWS\system32\FghhOUvw.ini
                    C:\WINDOWS\system32\FghhOUvw.ini2
                    C:\WINDOWS\system32\fltoqgdi.dll
                    C:\WINDOWS\system32\iltxpnao.dll
                    C:\WINDOWS\system32\menwwlbk.ini
                    C:\WINDOWS\system32\qeenkmti.ini
                    C:\WINDOWS\system32\qiebcyra.dll
                    C:\WINDOWS\system32\rwmutrnx.dll
                    C:\WINDOWS\system32\ryvlrlmn.dll
                    C:\WINDOWS\system32\vtUkjhHB.dll
                    C:\WINDOWS\system32\wvUOhhgF.dll
                    C:\WINDOWS\version.exe

                    .
                    (((((((((((((((((((( Bestanden Gemaakt van 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))
                    .

                    2008-05-19 14:34 . 2008-05-19 14:34 124,928 --a------ C:\WINDOWS\system32\pgreielr.dll
                    2008-05-18 12:43 . 2008-05-18 12:43 <DIR> d-------- C:\Program Files\The Privacy Guard
                    2008-05-18 00:31 . 2008-05-18 00:31 134,144 --a------ C:\WINDOWS\system32\ewhlygkr.dll
                    2008-05-18 00:28 . 2008-05-18 00:28 116,224 --a------ C:\WINDOWS\system32\itmkneeq.dll
                    2008-05-18 00:23 . 2008-05-18 00:23 125,952 --a------ C:\WINDOWS\system32\chttqelb.dll
                    2008-05-17 14:39 . 2008-05-17 14:39 <DIR> d-------- C:\Documents and Settings\Mark\DoctorWeb
                    2008-05-16 17:06 . 2008-05-16 17:23 <DIR> d-------- C:\Documents and Settings\Mark\.housecall6.6
                    2008-05-16 17:06 . 2008-05-16 17:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
                    2008-05-16 16:15 . 2008-05-16 16:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                    2008-05-16 16:15 . 2008-05-16 16:15 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Malwarebytes
                    2008-05-16 16:15 . 2008-05-16 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                    2008-05-16 16:15 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
                    2008-05-16 16:15 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
                    2008-05-16 08:19 . 2008-05-16 08:19 <DIR> d-------- C:\Program Files\Trend Micro
                    2008-05-15 20:22 . 2008-05-15 20:22 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
                    2008-05-15 20:22 . 2008-05-15 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
                    2008-05-15 20:22 . 2005-10-08 16:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
                    2008-05-15 20:22 . 2005-10-08 16:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
                    2008-05-15 20:22 . 2005-10-12 22:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
                    2008-05-15 17:35 . 2008-05-15 17:54 <DIR> d-------- C:\WINDOWS\vf_hip
                    2008-05-15 17:35 . 2008-05-15 17:36 <DIR> d-------- C:\Program Files\Hide IP Platinum
                    2008-05-15 17:35 . 2008-05-15 17:35 32 --a------ C:\WINDOWS\go
                    2008-05-05 13:09 . 2008-04-08 20:17 <DIR> d--h----- C:\Documents and Settings\Gast\Sjablonen
                    2008-05-05 13:09 . 2008-05-13 17:18 <DIR> dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
                    2008-05-05 13:09 . 2008-04-08 22:09 <DIR> d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
                    2008-05-05 13:09 . 2008-05-13 17:17 <DIR> dr------- C:\Documents and Settings\Gast\Mijn documenten
                    2008-05-05 13:09 . 2008-04-08 22:09 <DIR> dr------- C:\Documents and Settings\Gast\Menu Start
                    2008-05-05 13:09 . 2008-05-05 13:09 <DIR> dr------- C:\Documents and Settings\Gast\Favorieten
                    2008-05-05 13:09 . 2008-04-08 22:09 <DIR> d-------- C:\Documents and Settings\Gast\Bureaublad
                    2008-05-05 13:09 . 2008-05-05 13:09 <DIR> d-------- C:\Documents and Settings\Gast
                    2008-05-05 13:09 . 2008-05-19 14:48 1,024 --ah----- C:\Documents and Settings\Gast\NtUser.dat.LOG
                    2008-05-04 22:14 . 2008-05-04 22:14 9,539,884 --a------ C:\Call.of.Duty.4.Modern.Warfare.7z
                    2008-05-02 19:48 . 2008-05-02 19:48 34 --a------ C:\.shadow
                    2008-05-01 19:02 . 2008-05-01 19:02 <DIR> d-------- C:\WINDOWS\Downloaded Installations
                    2008-04-26 13:28 . 2008-04-26 13:28 <DIR> d-------- C:\Program Files\Softinterface, Inc
                    2008-04-24 22:50 . 2008-04-24 22:51 <DIR> d-------- C:\Program Files\eMule
                    2008-04-21 19:15 . 2008-04-30 21:39 63,488 --a------ C:\WINDOWS\system32\ieframe.oca
                    2008-04-21 19:08 . 2008-04-26 12:54 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\LimeWire
                    2008-04-21 19:07 . 2008-04-21 19:08 <DIR> d-------- C:\Program Files\LimeWire
                    2008-04-20 19:06 . 2008-05-02 19:56 <DIR> d-------- C:\Program Files\WarRock
                    2008-04-20 18:30 . 2008-04-20 18:30 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2008-05-18 10:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\GrabIt
                    2008-05-17 16:52 --------- d-----w C:\Program Files\Cheat Engine
                    2008-05-15 15:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\uTorrent
                    2008-05-08 20:01 --------- d-----w C:\Documents and Settings\Mark\Application Data\FileZilla
                    2008-05-06 19:17 --------- d-----w C:\Program Files\Launch Manager
                    2008-05-02 17:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
                    2008-04-20 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
                    2008-04-18 18:22 --------- d-----w C:\Program Files\ESET
                    2008-04-17 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
                    2008-04-17 19:11 --------- d-----w C:\Program Files\TmNationsForever
                    2008-04-17 16:20 --------- d-----w C:\Program Files\Hide My IP 2007
                    2008-04-16 07:54 --------- d-----w C:\Program Files\Common Files\Vbox
                    2008-04-16 07:53 --------- d-----w C:\Program Files\Macromedia
                    2008-04-15 17:30 --------- d-----w C:\Documents and Settings\Mark\Application Data\Xfire
                    2008-04-15 17:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
                    2008-04-15 17:09 --------- d-----w C:\Program Files\Windows Live
                    2008-04-15 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                    2008-04-15 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
                    2008-04-15 11:53 --------- d-----w C:\Program Files\Common Files\Adobe
                    2008-04-15 11:52 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
                    2008-04-13 11:54 --------- d-----w C:\Program Files\TrackMania Nations ESWC
                    2008-04-11 20:44 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
                    2008-04-11 20:41 --------- d-----w C:\Program Files\Common Files\Ahead
                    2008-04-11 20:41 --------- d-----w C:\Program Files\Ahead
                    2008-04-11 19:55 --------- d-----w C:\Program Files\FileZilla FTP Client
                    2008-04-11 19:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
                    2008-04-11 19:22 --------- d-----w C:\Program Files\PSPad editor
                    2008-04-11 19:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\PSpad
                    2008-04-11 18:57 --------- d-----w C:\Program Files\Microsoft.NET
                    2008-04-11 16:55 22,328 ----a-w C:\Documents and Settings\Mark\Application Data\PnkBstrK.sys
                    2008-04-11 16:41 --------- d-----w C:\Documents and Settings\Mark\Application Data\TeamViewer
                    2008-04-11 16:18 --------- d-----w C:\Program Files\Activision
                    2008-04-11 16:15 --------- d-----w C:\Program Files\TeamViewer3
                    2008-04-10 18:29 --------- d-----w C:\Program Files\Xfire
                    2008-04-10 17:50 --------- d-----w C:\Program Files\directx
                    2008-04-10 17:44 --------- d-----w C:\Program Files\Windows Media Connect 2
                    2008-04-10 17:38 --------- d-----w C:\Program Files\QuickPar
                    2008-04-10 17:22 --------- d-----w C:\Program Files\SystemRequirementsLab
                    2008-04-10 17:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\SystemRequirementsLab
                    2008-04-10 14:45 --------- d-----w C:\Program Files\Web Publish
                    2008-04-10 14:04 --------- d-----w C:\Program Files\RimArts
                    2008-04-10 13:53 --------- d-----w C:\Documents and Settings\Mark\Application Data\G-Lock Software
                    2008-04-10 13:38 --------- d-----w C:\Program Files\Java
                    2008-04-10 13:35 --------- d-----w C:\Program Files\Common Files\Java
                    2008-04-10 13:34 --------- d-----w C:\Program Files\Email-Business
                    2008-04-09 19:30 --------- d-----w C:\Program Files\FTDv3.8
                    2008-04-09 19:21 --------- d-----w C:\Program Files\GrabIt
                    2008-04-09 19:12 --------- d-----w C:\Documents and Settings\Mark\Application Data\vlc
                    2008-04-09 19:11 --------- d-----w C:\Program Files\VideoLAN
                    2008-04-09 19:11 --------- d-----w C:\Program Files\uTorrent
                    2008-04-08 19:52 --------- d-----w C:\Documents and Settings\Mark\Application Data\Nexon
                    2008-04-08 19:51 --------- d-----w C:\Program Files\Common Files\INCA Shared
                    2008-04-08 19:09 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
                    2008-04-08 19:09 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
                    2008-04-08 18:59 --------- d-----w C:\Program Files\Common Files\snp2uvc
                    2008-04-08 18:58 --------- d-----w C:\Program Files\Acer
                    2008-04-08 18:57 --------- d-----w C:\Program Files\Broadcom
                    2008-04-08 18:56 --------- d-----w C:\Program Files\Atheros
                    2008-04-08 18:55 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
                    2008-04-08 18:55 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
                    2008-04-08 18:55 --------- d-----w C:\Program Files\Synaptics
                    2008-04-08 18:55 --------- d-----w C:\Program Files\Common Files\InstallShield
                    2008-04-08 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
                    2008-04-08 18:54 --------- d-----w C:\Program Files\CONEXANT
                    2008-04-08 18:54 --------- d-----w C:\Program Files\Apoint2K
                    2008-04-08 18:52 315,392 ----a-w C:\WINDOWS\HideWin.exe
                    2008-04-08 18:52 --------- d-----w C:\Program Files\Realtek
                    2008-04-08 18:50 --------- d-----w C:\Program Files\DIFX
                    2008-04-08 18:49 --------- d-----w C:\Documents and Settings\Mark\Application Data\InstallShield
                    2008-04-08 18:22 --------- d-----w C:\Program Files\microsoft frontpage
                    .

                    ((((((((((((((((((((((((((((( [email protected]_13.43.18.06 )))))))))))))))))))))))))))))))))))))))))
                    .
                    - 2008-05-17 11:39:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                    + 2008-05-19 12:48:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                    - 2008-05-17 11:11:16 60,958 ----a-w C:\WINDOWS\system32\perfc009.dat
                    + 2008-05-19 12:36:35 60,958 ----a-w C:\WINDOWS\system32\perfc009.dat
                    - 2008-05-17 11:11:16 80,140 ----a-w C:\WINDOWS\system32\perfc013.dat
                    + 2008-05-19 12:36:35 80,140 ----a-w C:\WINDOWS\system32\perfc013.dat
                    - 2008-05-17 11:11:16 400,798 ----a-w C:\WINDOWS\system32\perfh009.dat
                    + 2008-05-19 12:36:35 400,798 ----a-w C:\WINDOWS\system32\perfh009.dat
                    - 2008-05-17 11:11:16 465,342 ----a-w C:\WINDOWS\system32\perfh013.dat
                    + 2008-05-19 12:36:35 465,342 ----a-w C:\WINDOWS\system32\perfh013.dat
                    .
                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    REGEDIT4
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{015721c0-1d3b-4f3f-9645-17ec0ef4037a}]
                    2008-05-18 00:31 134144 --a------ C:\WINDOWS\system32\ewhlygkr.dll

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
                    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
                    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
                    "ThePrivacyGuard"="C:\PROGRA~1\THEPRI~1\THEPRI~1.exe" [2007-05-15 15:02 2127360]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 23:11 8433664]
                    "nwiz"="nwiz.exe" [2007-07-23 23:12 1626112 C:\WINDOWS\system32\nwiz.exe]
                    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 23:11 81920]
                    "RTHDCPL"="RTHDCPL.EXE" [2007-07-23 23:12 16342528 C:\WINDOWS\RTHDCPL.exe]
                    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-23 23:12 159744]
                    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-23 23:13 827392]
                    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-23 23:13 752136]
                    "BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]
                    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-08 21:09 950664]
                    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                    "VIDC.XFR1"= xfcodec.dll

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                    @="Driver"

                    [HKLM\~\startupfolder\C:^Documents and Settings^Mark^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
                    path=C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
                    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

                    [HKLM\~\startupfolder\C:^Documents and Settings^Mark^Menu Start^Programma's^Opstarten^Xfire.lnk]
                    path=C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Xfire.lnk
                    backup=C:\WINDOWS\pss\Xfire.lnkStartup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "%windir%\\system32\\sessmgr.exe"=
                    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
                    "C:\\UnrealTournament\\System\\UnrealTournament.exe"=
                    "C:\\Program Files\\Xfire\\xfire.exe"=
                    "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
                    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
                    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
                    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
                    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                    "C:\\Program Files\\TmNationsForever\\TmForever.exe"=
                    "C:\\Program Files\\eMule\\emule.exe"=

                    R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-23 23:11]

                    .
                    **************************************************************************

                    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2008-05-19 14:48:29
                    Windows 5.1.2600 Service Pack 2 NTFS

                    scannen van verborgen processen ...

                    scannen van verborgen autostart items ...

                    scannen van verborgen bestanden ...

                    Scan succesvol afgerond
                    verborgen bestanden: 0

                    **************************************************************************
                    .
                    ------------------------ Other Running Processes ------------------------
                    .
                    C:\Program Files\ESET\nod32krn.exe
                    C:\WINDOWS\system32\nvsvc32.exe
                    C:\WINDOWS\system32\PnkBstrA.exe
                    C:\WINDOWS\system32\PnkBstrB.exe
                    C:\WINDOWS\system32\rundll32.exe
                    C:\DOCUME~1\Mark\LOCALS~1\temp\RtkBtMnt.exe
                    C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.41-delta.exe
                    C:\1df4fcb29274f40adaa2d016bca8\mrtstub.exe
                    C:\WINDOWS\system32\MRT.exe
                    .
                    **************************************************************************
                    .
                    Voltooingstijd: 2008-05-19 14:53:22 - machine was rebooted [Mark]
                    ComboFix-quarantined-files.txt 2008-05-19 12:53:18
                    ComboFix2.txt 2008-05-17 22:20:41
                    ComboFix3.txt 2008-05-17 11:45:00

                    Pre-Run: 93,314,379,776 bytes beschikbaar
                    Post-Run: 93,255,626,752 bytes beschikbaar

                    259 --- E O F --- 2008-05-15 12:11:24


                    I haven't had any problems yet, but the PC has only just been on for 2 minutes.
                    Thanks Nucia



                    • #11
                      Open Notepad, then copy and paste the following (bold text) into an empty window:

                      File::
                      C:\WINDOWS\system32\pgreielr.dll
                      C:\WINDOWS\system32\ewhlygkr.dll
                      C:\WINDOWS\system32\itmkneeq.dll
                      C:\WINDOWS\system32\chttqelb.dll

                      Registry::
                      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{015721c0-1d3b-4f3f-9645-17ec0ef4037a}]

                      Save this to your Desktop as CFScript.txt

                      Drag CFScript.txt onto ComboFix.exe as shown in the example below:

                      This will make ComboFix restart.
                      Reboot if you are asked to,
                      and post the contents of Combofix.txt in your next reply.
                      Regards,
                      Pimmerd



                      • #12
                        Thanks, here is another log



                        ComboFix 08-05-15.3 - Mark 2008-05-20 16:40:06.4 - NTFSx86
                        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1210 [GMT 2:00]
                        Gestart vanuit: C:\Documents and Settings\Mark\Bureaublad\ComboFix.exe
                        Command switches used :: C:\Documents and Settings\Mark\Bureaublad\CFScript.txt
                        * Nieuw herstelpunt werd aangemaakt
                        * Resident AV is active


                        WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                        FILE ::
                        C:\WINDOWS\system32\chttqelb.dll
                        C:\WINDOWS\system32\ewhlygkr.dll
                        C:\WINDOWS\system32\itmkneeq.dll
                        C:\WINDOWS\system32\pgreielr.dll
                        .

                        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        C:\WINDOWS\system32\chttqelb.dll
                        C:\WINDOWS\system32\ewhlygkr.dll
                        C:\WINDOWS\system32\itmkneeq.dll
                        C:\WINDOWS\system32\pgreielr.dll

                        .
                        (((((((((((((((((((( Bestanden Gemaakt van 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))
                        .

                        2008-05-18 12:43 . 2008-05-19 18:27 <DIR> d-------- C:\Program Files\The Privacy Guard
                        2008-05-17 14:39 . 2008-05-17 14:39 <DIR> d-------- C:\Documents and Settings\Mark\DoctorWeb
                        2008-05-16 17:06 . 2008-05-16 17:23 <DIR> d-------- C:\Documents and Settings\Mark\.housecall6.6
                        2008-05-16 17:06 . 2008-05-16 17:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
                        2008-05-16 16:15 . 2008-05-16 16:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                        2008-05-16 16:15 . 2008-05-16 16:15 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Malwarebytes
                        2008-05-16 16:15 . 2008-05-16 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                        2008-05-16 16:15 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
                        2008-05-16 16:15 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
                        2008-05-16 08:19 . 2008-05-16 08:19 <DIR> d-------- C:\Program Files\Trend Micro
                        2008-05-15 20:22 . 2008-05-15 20:22 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
                        2008-05-15 20:22 . 2008-05-15 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
                        2008-05-15 20:22 . 2005-10-08 16:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
                        2008-05-15 20:22 . 2005-10-08 16:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
                        2008-05-15 20:22 . 2005-10-12 22:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
                        2008-05-15 17:35 . 2008-05-15 17:54 <DIR> d-------- C:\WINDOWS\vf_hip
                        2008-05-15 17:35 . 2008-05-15 17:36 <DIR> d-------- C:\Program Files\Hide IP Platinum
                        2008-05-15 17:35 . 2008-05-15 17:35 32 --a------ C:\WINDOWS\go
                        2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
                        2008-05-05 13:09 . 2008-04-08 20:17 <DIR> d--h----- C:\Documents and Settings\Gast\Sjablonen
                        2008-05-05 13:09 . 2008-05-13 17:18 <DIR> dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
                        2008-05-05 13:09 . 2008-04-08 22:09 <DIR> d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
                        2008-05-05 13:09 . 2008-05-13 17:17 <DIR> dr------- C:\Documents and Settings\Gast\Mijn documenten
                        2008-05-05 13:09 . 2008-04-08 22:09 <DIR> dr------- C:\Documents and Settings\Gast\Menu Start
                        2008-05-05 13:09 . 2008-05-05 13:09 <DIR> dr------- C:\Documents and Settings\Gast\Favorieten
                        2008-05-05 13:09 . 2008-04-08 22:09 <DIR> d-------- C:\Documents and Settings\Gast\Bureaublad
                        2008-05-05 13:09 . 2008-05-05 13:09 <DIR> d-------- C:\Documents and Settings\Gast
                        2008-05-05 13:09 . 2008-05-20 16:09 1,024 --ah----- C:\Documents and Settings\Gast\NtUser.dat.LOG
                        2008-05-04 22:14 . 2008-05-04 22:14 9,539,884 --a------ C:\Call.of.Duty.4.Modern.Warfare.7z
                        2008-05-02 19:48 . 2008-05-02 19:48 34 --a------ C:\.shadow
                        2008-05-01 19:02 . 2008-05-01 19:02 <DIR> d-------- C:\WINDOWS\Downloaded Installations
                        2008-04-26 13:28 . 2008-04-26 13:28 <DIR> d-------- C:\Program Files\Softinterface, Inc
                        2008-04-24 22:50 . 2008-04-24 22:51 <DIR> d-------- C:\Program Files\eMule
                        2008-04-21 19:15 . 2008-04-30 21:39 63,488 --a------ C:\WINDOWS\system32\ieframe.oca
                        2008-04-21 19:08 . 2008-04-26 12:54 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\LimeWire
                        2008-04-21 19:07 . 2008-04-21 19:08 <DIR> d-------- C:\Program Files\LimeWire
                        2008-04-20 19:06 . 2008-05-02 19:56 <DIR> d-------- C:\Program Files\WarRock
                        2008-04-20 18:30 . 2008-04-20 18:30 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

                        .
                        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2008-05-20 14:12 --------- d-----w C:\Program Files\Xfire
                        2008-05-20 14:11 --------- d-----w C:\Documents and Settings\Mark\Application Data\Xfire
                        2008-05-18 10:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\GrabIt
                        2008-05-17 16:52 --------- d-----w C:\Program Files\Cheat Engine
                        2008-05-15 15:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\uTorrent
                        2008-05-08 20:01 --------- d-----w C:\Documents and Settings\Mark\Application Data\FileZilla
                        2008-05-06 19:17 --------- d-----w C:\Program Files\Launch Manager
                        2008-05-02 17:57 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
                        2008-05-02 17:57 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
                        2008-04-25 08:36 98,304 ----a-w C:\WINDOWS\system32\DVM.dll
                        2008-04-22 21:13 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
                        2008-04-20 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
                        2008-04-18 18:22 --------- d-----w C:\Program Files\ESET
                        2008-04-17 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
                        2008-04-17 19:11 --------- d-----w C:\Program Files\TmNationsForever
                        2008-04-17 16:20 --------- d-----w C:\Program Files\Hide My IP 2007
                        2008-04-16 07:54 --------- d-----w C:\Program Files\Common Files\Vbox
                        2008-04-16 07:53 --------- d-----w C:\Program Files\Macromedia
                        2008-04-15 17:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
                        2008-04-15 17:09 --------- d-----w C:\Program Files\Windows Live
                        2008-04-15 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                        2008-04-15 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
                        2008-04-15 11:53 --------- d-----w C:\Program Files\Common Files\Adobe
                        2008-04-15 11:52 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
                        2008-04-13 11:54 --------- d-----w C:\Program Files\TrackMania Nations ESWC
                        2008-04-12 12:39 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
                        2008-04-11 20:44 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
                        2008-04-11 20:41 --------- d-----w C:\Program Files\Common Files\Ahead
                        2008-04-11 20:41 --------- d-----w C:\Program Files\Ahead
                        2008-04-11 19:55 --------- d-----w C:\Program Files\FileZilla FTP Client
                        2008-04-11 19:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
                        2008-04-11 19:22 --------- d-----w C:\Program Files\PSPad editor
                        2008-04-11 19:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\PSpad
                        2008-04-11 18:57 --------- d-----w C:\Program Files\Microsoft.NET
                        2008-04-11 16:55 22,328 ----a-w C:\Documents and Settings\Mark\Application Data\PnkBstrK.sys
                        2008-04-11 16:41 --------- d-----w C:\Documents and Settings\Mark\Application Data\TeamViewer
                        2008-04-11 16:18 --------- d-----w C:\Program Files\Activision
                        2008-04-11 16:15 --------- d-----w C:\Program Files\TeamViewer3
                        2008-04-10 17:50 --------- d-----w C:\Program Files\directx
                        2008-04-10 17:44 --------- d-----w C:\Program Files\Windows Media Connect 2
                        2008-04-10 17:38 --------- d-----w C:\Program Files\QuickPar
                        2008-04-10 17:22 --------- d-----w C:\Program Files\SystemRequirementsLab
                        2008-04-10 17:22 --------- d-----w C:\Documents and Settings\Mark\Application Data\SystemRequirementsLab
                        2008-04-10 14:45 --------- d-----w C:\Program Files\Web Publish
                        2008-04-10 14:04 --------- d-----w C:\Program Files\RimArts
                        2008-04-10 13:53 --------- d-----w C:\Documents and Settings\Mark\Application Data\G-Lock Software
                        2008-04-10 13:38 --------- d-----w C:\Program Files\Java
                        2008-04-10 13:35 --------- d-----w C:\Program Files\Common Files\Java
                        2008-04-10 13:34 --------- d-----w C:\Program Files\Email-Business
                        2008-04-09 19:30 --------- d-----w C:\Program Files\FTDv3.8
                        2008-04-09 19:21 --------- d-----w C:\Program Files\GrabIt
                        2008-04-09 19:12 --------- d-----w C:\Documents and Settings\Mark\Application Data\vlc
                        2008-04-09 19:11 --------- d-----w C:\Program Files\VideoLAN
                        2008-04-09 19:11 --------- d-----w C:\Program Files\uTorrent
                        2008-04-08 19:52 --------- d-----w C:\Documents and Settings\Mark\Application Data\Nexon
                        2008-04-08 19:51 --------- d-----w C:\Program Files\Common Files\INCA Shared
                        2008-04-08 19:09 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
                        2008-04-08 19:09 299,392 ----a-w C:\WINDOWS\system32\imon.dll
                        2008-04-08 19:09 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
                        2008-04-08 18:59 --------- d-----w C:\Program Files\Common Files\snp2uvc
                        2008-04-08 18:58 --------- d-----w C:\Program Files\Acer
                        2008-04-08 18:57 --------- d-----w C:\Program Files\Broadcom
                        2008-04-08 18:56 --------- d-----w C:\Program Files\Atheros
                        2008-04-08 18:55 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
                        2008-04-08 18:55 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
                        2008-04-08 18:55 --------- d-----w C:\Program Files\Synaptics
                        2008-04-08 18:55 --------- d-----w C:\Program Files\Common Files\InstallShield
                        2008-04-08 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
                        2008-04-08 18:54 --------- d-----w C:\Program Files\CONEXANT
                        2008-04-08 18:54 --------- d-----w C:\Program Files\Apoint2K
                        2008-04-08 18:52 315,392 ----a-w C:\WINDOWS\HideWin.exe
                        2008-04-08 18:52 --------- d-----w C:\Program Files\Realtek
                        2008-04-08 18:50 --------- d-----w C:\Program Files\DIFX
                        2008-04-08 18:49 --------- d-----w C:\Documents and Settings\Mark\Application Data\InstallShield
                        2008-04-08 18:22 --------- d-----w C:\Program Files\microsoft frontpage
                        2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
                        2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
                        2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                        2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
                        2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                        2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                        .

                        ((((((((((((((((((((((((((((( [email protected]_13.43.18.06 )))))))))))))))))))))))))))))))))))))))))
                        .
                        - 2008-05-17 11:39:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                        + 2008-05-20 14:09:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                        - 2008-04-05 20:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
                        + 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
                        - 2008-05-17 11:11:16 60,958 ----a-w C:\WINDOWS\system32\perfc009.dat
                        + 2008-05-20 14:14:03 60,958 ----a-w C:\WINDOWS\system32\perfc009.dat
                        - 2008-05-17 11:11:16 80,140 ----a-w C:\WINDOWS\system32\perfc013.dat
                        + 2008-05-20 14:14:03 80,140 ----a-w C:\WINDOWS\system32\perfc013.dat
                        - 2008-05-17 11:11:16 400,798 ----a-w C:\WINDOWS\system32\perfh009.dat
                        + 2008-05-20 14:14:03 400,798 ----a-w C:\WINDOWS\system32\perfh009.dat
                        - 2008-05-17 11:11:16 465,342 ----a-w C:\WINDOWS\system32\perfh013.dat
                        + 2008-05-20 14:14:03 465,342 ----a-w C:\WINDOWS\system32\perfh013.dat
                        .
                        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        REGEDIT4
                        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
                        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
                        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
                        "ThePrivacyGuard"="C:\PROGRA~1\THEPRI~1\THEPRI~1.exe" [2007-05-15 15:02 2127360]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 23:11 8433664]
                        "nwiz"="nwiz.exe" [2007-07-23 23:12 1626112 C:\WINDOWS\system32\nwiz.exe]
                        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 23:11 81920]
                        "RTHDCPL"="RTHDCPL.EXE" [2007-07-23 23:12 16342528 C:\WINDOWS\RTHDCPL.exe]
                        "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-23 23:12 159744]
                        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-23 23:13 827392]
                        "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-23 23:13 752136]
                        "BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]
                        "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-08 21:09 950664]
                        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

                        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                        "VIDC.XFR1"= xfcodec.dll

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                        @="Driver"

                        [HKLM\~\startupfolder\C:^Documents and Settings^Mark^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
                        path=C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
                        backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

                        [HKLM\~\startupfolder\C:^Documents and Settings^Mark^Menu Start^Programma's^Opstarten^Xfire.lnk]
                        path=C:\Documents and Settings\Mark\Menu Start\Programma's\Opstarten\Xfire.lnk
                        backup=C:\WINDOWS\pss\Xfire.lnkStartup

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                        --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "%windir%\\system32\\sessmgr.exe"=
                        "C:\\Program Files\\uTorrent\\uTorrent.exe"=
                        "C:\\UnrealTournament\\System\\UnrealTournament.exe"=
                        "C:\\Program Files\\Xfire\\xfire.exe"=
                        "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
                        "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
                        "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
                        "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
                        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                        "C:\\Program Files\\TmNationsForever\\TmForever.exe"=
                        "C:\\Program Files\\eMule\\emule.exe"=

                        R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-23 23:11]

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{445fd816-0599-11dd-a535-e6cea9aab469}]
                        \Shell\AutoRun\command - F:\LaunchU3.exe -a

                        *Newly Created Service* - CATCHME
                        .
                        **************************************************************************

                        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2008-05-20 16:42:36
                        Windows 5.1.2600 Service Pack 2 NTFS

                        scannen van verborgen processen ...

                        scannen van verborgen autostart items ...

                        scannen van verborgen bestanden ...

                        Scan succesvol afgerond
                        verborgen bestanden: 0

                        **************************************************************************
                        .
                        Voltooingstijd: 2008-05-20 16:43:56
                        ComboFix-quarantined-files.txt 2008-05-20 14:43:47
                        ComboFix2.txt 2008-05-19 12:53:22
                        ComboFix3.txt 2008-05-17 22:20:41
                        ComboFix4.txt 2008-05-17 11:45:00

                        Pre-Run: 93,141,176,320 bytes beschikbaar
                        Post-Run: 93,139,865,600 bytes beschikbaar

                        232 --- E O F --- 2008-05-19 12:53:44
                        Thanks Nucia

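An added example (not part of the thread and not ComboFix's own code): a check that every path under `File::` in the CFScript from post #11 shows up in the deletions section of the resulting ComboFix log, and is not listed again in a later section. The section title "Andere Verwijderingen" is taken from the Dutch log above; the first sample is an abbreviated excerpt of that log and the second is constructed to show a file that reappeared.

```python
import re

# ComboFix separates report sections with banner lines such as
# "((((( Andere Verwijderingen )))))".
BANNER_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")
# CFScript directives are written as "File::", "Registry::", ...
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)\s*::$")


def parse_cfscript(text):
    """Return {directive: [argument lines]} for a CFScript.txt body."""
    script, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).lower()
            script.setdefault(current, [])
        elif line and current:
            script[current].append(line)
    return script


def split_sections(log_text):
    """Return {banner title: [content lines]}. Text before the first banner
    (version header, echoed script) is stored under 'header'."""
    sections, title = {"header": []}, "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            title = m.group(1)
            sections[title] = []
        elif line and line != ".":
            sections[title].append(line)
    return sections


def verify_deletions(cfscript, log_text, deletions_title="Andere Verwijderingen"):
    """Compare the script's File:: targets with what the log reports."""
    sections = split_sections(log_text)
    deleted = {line.lower() for line in sections.get(deletions_title, [])}
    report = {"deleted": [], "not_deleted": [], "still_referenced": []}
    for path in parse_cfscript(cfscript).get("file", []):
        key = "deleted" if path.lower() in deleted else "not_deleted"
        report[key].append(path)
        # A target that appears in any other section (file listing, startup
        # points) is still on disk or still referenced after the run.
        for name, lines in sections.items():
            if name in ("header", deletions_title):
                continue
            if any(path.lower() in line.lower() for line in lines):
                report["still_referenced"].append((path, name))
    return report


# The CFScript from post #11.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\pgreielr.dll
C:\WINDOWS\system32\ewhlygkr.dll
C:\WINDOWS\system32\itmkneeq.dll
C:\WINDOWS\system32\chttqelb.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{015721c0-1d3b-4f3f-9645-17ec0ef4037a}]
"""

# Abbreviated excerpt of the log in post #12 (banners shortened).
LOG_FROM_THREAD = r"""
ComboFix 08-05-15.3 - Mark 2008-05-20 16:40:06.4 - NTFSx86
FILE ::
C:\WINDOWS\system32\chttqelb.dll
C:\WINDOWS\system32\ewhlygkr.dll
C:\WINDOWS\system32\itmkneeq.dll
C:\WINDOWS\system32\pgreielr.dll
.
(((((((((( Andere Verwijderingen ))))))))))
.
C:\WINDOWS\system32\chttqelb.dll
C:\WINDOWS\system32\ewhlygkr.dll
C:\WINDOWS\system32\itmkneeq.dll
C:\WINDOWS\system32\pgreielr.dll
.
(((((((((( Bestanden Gemaakt van 2008-04-20 to 2008-05-20 ))))))))))
.
2008-05-16 17:06 . 2008-05-16 17:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
"""

# Constructed variant: one target was not deleted and is listed as a new file.
LOG_RECREATED = r"""
(((((((((( Andere Verwijderingen ))))))))))
C:\WINDOWS\system32\chttqelb.dll
C:\WINDOWS\system32\ewhlygkr.dll
C:\WINDOWS\system32\itmkneeq.dll
(((((((((( Bestanden Gemaakt van 2008-04-20 to 2008-05-20 ))))))))))
2008-05-20 16:41 . 2008-05-20 16:41 87,040 --a------ C:\WINDOWS\system32\pgreielr.dll
"""

if __name__ == "__main__":
    for label, log in (("thread", LOG_FROM_THREAD), ("constructed", LOG_RECREATED)):
        print(label, verify_deletions(CFSCRIPT, log))
```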


                        • #13
                          Please post a fresh HijackThis log.
                          Regards,
                          Pimmerd



                          • #14
                            Here it is; I have no more complaints about the PC. It seems to be running pretty well again, as far as I can tell.


                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 22:21:26, on 20-5-2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\Eset\nod32krn.exe
                            C:\WINDOWS\system32\nvsvc32.exe
                            C:\WINDOWS\system32\PnkBstrA.exe
                            C:\WINDOWS\system32\PnkBstrB.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\RTHDCPL.EXE
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\PROGRA~1\LAUNCH~1\LManager.exe
                            C:\Program Files\Eset\nod32kui.exe
                            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\Messenger\msmsgs.exe
                            C:\Program Files\Windows Live\Messenger\usnsvc.exe
                            C:\WINDOWS\explorer.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                            O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
                            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
                            O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
                            O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                            O4 - HKCU\..\Run: [ThePrivacyGuard] "C:\PROGRA~1\THEPRI~1\THEPRI~1.EXE" /startup
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                            O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                            O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

                            --
                            End of file - 4848 bytes
                            Thanks Nucia



                            • #15
                              Start HijackThis, choose 'Do a system scan only' and tick the lines below:

                              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
                              O4 - HKCU\..\Run: [ThePrivacyGuard] "C:\PROGRA~1\THEPRI~1\THEPRI~1.EXE" /startup

                              Now close all open windows except HijackThis and click Fix Checked.

                              Restart your PC and post a HijackThis log so it can be checked.
                              Regards,
                              Pimmerd

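An added example (not part of the thread and not HijackThis code): a way to do the control step from post #15 mechanically, by parsing HijackThis entry lines and checking whether the ticked lines are gone from the follow-up log and whether anything new appeared. The "previous" sample is an excerpt of the log in post #14; the follow-up log and its `ExampleUpdater` entry are constructed.

```python
import re

# A HijackThis entry is "<code> - <text>", where code is a section id such as
# R0, R1, O2, O4 or O23. Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the log's entries as a list of (code, text) tuples."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(code, text):
    """Comparison key. Windows paths and registry names are case-insensitive,
    and pasted logs often gain or lose whitespace."""
    return (code, " ".join(text.split()).lower())


def check_fix(fix_lines, followup_log):
    """Split the lines ticked for 'Fix Checked' into those that are gone from
    the follow-up log and those that are still there."""
    present = {entry_key(c, t) for c, t in parse_entries(followup_log)}
    result = {"removed": [], "remaining": []}
    for code, text in parse_entries(fix_lines):
        bucket = "remaining" if entry_key(code, text) in present else "removed"
        result[bucket].append((code, text))
    return result


def new_entries(previous_log, followup_log):
    """Entries in the follow-up log that were absent from the previous one."""
    before = {entry_key(c, t) for c, t in parse_entries(previous_log)}
    return [(c, t) for c, t in parse_entries(followup_log)
            if entry_key(c, t) not in before]


# The two lines ticked in post #15.
FIX_LINES = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O4 - HKCU\..\Run: [ThePrivacyGuard] "C:\PROGRA~1\THEPRI~1\THEPRI~1.EXE" /startup
"""

# Excerpt of the log in post #14.
PREVIOUS_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:26, on 20-5-2008
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ThePrivacyGuard] "C:\PROGRA~1\THEPRI~1\THEPRI~1.EXE" /startup
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Constructed follow-up: the proxy line is gone, the Run value survived with
# different case and spacing, and one placeholder autostart entry is new.
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run:  [ThePrivacyGuard] "C:\PROGRA~1\THEPRI~1\THEPRI~1.exe" /startup
O4 - HKCU\..\Run: [ExampleUpdater] C:\Example\updater.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    print(check_fix(FIX_LINES, FOLLOWUP_LOG))
    print(new_entries(PREVIOUS_LOG, FOLLOWUP_LOG))
```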
