Mededeling

**Blackbird** · 23-05-08, 20:40

Hoi,

Ik ga even voor je kijken.

**Th3avatar** · 23-05-08, 20:41

kben net ook Malwarebytes aan t scannen, maar tot nu toe nog niets...

EDIT:
met Malwarebytes heb ik er nog 6 gevonden, en lijkt mn internet weer normaal te werken
met netstat lijkt er ook niets verdachts aanwezig te zijn...
hieronder nog ff:

Proto Lokaal adres Extern adres Status
TCP Computer:1031 localhost:1032 ESTABLISHED
TCP Computer:1032 localhost:1031 ESTABLISHED
TCP Computer:1033 localhost:1034 ESTABLISHED
TCP Computer:1034 localhost:1033 ESTABLISHED
TCP Computer:1068 by2msg1104213.phx.gbl:1863 ESTABLISHE
TCP Computer:1118 nhserver.blackgate.nl:http TIME_WAIT
TCP Computer:1120 nhserver.blackgate.nl:http TIME_WAIT
TCP Computer:1121 nhserver.blackgate.nl:http TIME_WAIT
TCP Computer:1124 nhserver.blackgate.nl:http TIME_WAIT
TCP Computer:1126 nhserver.blackgate.nl:http LAST_ACK
TCP Computer:1128 nhserver.blackgate.nl:http TIME_WAIT

ik weet alleen niet wat die blackgate is... zou dat jullie site kunnen zijn? :P
Maar verder geen irritante pop ups meer, etc etc
Nog bedankt voor de moeite

**Blackbird** · 23-05-08, 21:20

Hoi,

Welkom op Nucia.nl!

Volg deze instructies om ComboFix te downloaden.
Voer de instructies op die pagina uit, inclusief het installeren van de XP Recovery Console.

Indien je ComboFix al eerder hebt gebruikt, gelieve die versie te verwijderen en ComboFix opnieuw te downloaden via de bovenstaande link. ComboFix wordt namelijk bijna dagelijks geupdate.

Als je tijdens of na het downloaden van ComboFix of tijdens het gebruik van ComboFix een melding krijgt van je antivirus-of een andere scanner, schakel dan deze scanner uit en download ComboFix opnieuw. Sommige scanners zien bepaalde componenten die ComboFix gebruikt als verdacht en gaan deze blokkeren of verwijderen.

Dubbelklik op ComboFix.exe om ComboFix te openen.
Volg de instructies en aanvaard de disclaimer door op "Ja" te klikken.
Klik tijdens het draaien van ComboFix NIET in het venster, dit kan je systeem doen vastlopen.

Wanneer ComboFix klaar is en eventueel na herstart zal er een log (ComboFix.txt) openen.
Post deze samen met een nieuw logje van HijackThis in je volgende reactie.

Hoe staat het met de problemen?

**Th3avatar** · 23-05-08, 21:26

Die zijn allemaal opgelost

THX iig

**Blackbird** · 23-05-08, 21:27

Zou ik even de logs van ComboFix en HijackThis mogen? Er kunnen nog resten zitten.

**Th3avatar** · 23-05-08, 21:28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:12, on 23-5-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sybren\Bureaublad\Favorieten\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {5842d6ca-233d-e9c8-5334-e26b4b3cc1cc} - {cc1cc3b4-b62e-4335-8c9e-d332ac6d2485} - C:\WINDOWS\system32\iwovsfwu.dll
O2 - BHO: (no name) - {EEB8CC03-493D-4CD0-AD68-DB1CCC9D1333} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
O4 - HKLM\..\Run: [ISP] C:\Program Files\Sony\ISPselector\ISPselector.exe /SCHEDULER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204408921945
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204409488437
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: jkkHYrSJ - jkkHYrSJ.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7371 bytes

**Blackbird** · 23-05-08, 21:33

En de log van ComboFix?

**Th3avatar** · 23-05-08, 21:34

ComboFix 08-05-21.3 - sybren 2008-05-23 21:29:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.160 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\sybren\Bureaublad\Favorieten\ComboFix.exe
* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM2b3d6e1d.xml
C:\WINDOWS\pskt.ini

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))
.

2008-05-23 21:18 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-05-23 21:15 . 2008-05-23 21:15 <DIR> d-------- C:\Program Files\ESET
2008-05-23 21:15 . 2008-05-23 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-23 20:26 . 2008-05-23 20:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 20:26 . 2008-05-23 20:26 <DIR> d-------- C:\Documents and Settings\sybren\Application Data\Malwarebytes
2008-05-23 20:26 . 2008-05-23 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 20:26 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-23 20:26 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-23 19:31 . 2008-05-23 19:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-23 19:31 . 2008-05-23 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-23 19:04 . 2008-05-23 21:21 <DIR> dr-h----- C:\Documents and Settings\sybren\Onlangs geopend
2008-05-23 17:36 . 2008-05-23 17:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-23 16:52 . 2008-05-23 16:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-23 16:45 . 2008-05-23 17:11 <DIR> d-------- C:\SDFix
2008-05-23 16:20 . 2008-05-23 16:20 114,176 --a------ C:\WINDOWS\system32\slhsvwij.dll
2008-05-23 16:17 . 2008-05-23 16:17 136,192 --a------ C:\WINDOWS\system32\iwovsfwu.dll
2008-05-23 15:37 . 2008-05-23 15:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-23 15:37 . 2008-05-23 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-23 15:14 . 2008-05-23 17:57 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-23 15:14 . 2008-05-23 15:14 <DIR> d-------- C:\Documents and Settings\sybren\Application Data\PC Tools
2008-05-23 15:14 . 2008-05-23 19:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 15:14 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-23 15:14 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-23 15:14 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-23 15:14 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-23 07:50 . 2008-05-23 07:50 19,456 --a------ C:\WINDOWS\system32\drvtet.dll
2008-05-23 07:50 . 2008-05-23 07:50 145 --a------ C:\WINDOWS\system32\winver.bat
2008-05-23 07:47 . 2008-05-23 07:47 126,464 --a------ C:\WINDOWS\system32\oyvaxloi.dll
2008-05-22 17:35 . 2008-05-22 17:35 <DIR> d-------- C:\Program Files\ImTOO
2008-05-22 16:58 . 2008-05-22 17:06 <DIR> d-------- C:\divx
2008-05-22 16:43 . 2008-05-22 16:43 <DIR> d-------- C:\Program Files\Xvid
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 15:32 . 2008-05-12 15:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-12 15:30 . 2008-05-12 15:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-12 15:30 . 2008-05-12 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-12 14:02 . 2008-05-22 20:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-12 14:02 . 2008-05-12 14:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-11 19:24 . 2008-05-11 20:04 <DIR> d-------- C:\Program Files\YVD
2008-05-11 19:24 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-05-10 22:25 . 2008-05-10 22:25 <DIR> d-------- C:\Documents and Settings\sybren\Application Data\Thinstall
2008-05-10 21:40 . 2008-04-14 22:32 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-10 21:27 . 2006-10-18 21:47 8,231,936 --a------ C:\WINDOWS\system32\wmploc.dll
2008-05-10 21:25 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-05-10 21:25 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-10 21:23 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003120_.tmp
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 23:46 . 2008-04-28 04:01 <DIR> d-------- C:\Documents and Settings\sybren\Application Data\DivX
2008-04-27 23:45 . 2008-04-27 23:46 <DIR> d-------- C:\Program Files\DivX
2008-04-27 23:45 . 2008-02-21 04:05 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-04-27 23:45 . 2008-02-21 04:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-04-27 21:31 . 2008-04-27 21:31 <DIR> d-------- C:\Program Files\Combined Community Codec Pack

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-23 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 15:48 --------- d-----w C:\Documents and Settings\sybren\Application Data\uTorrent
2008-05-11 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 19:56 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-05-07 18:08 --------- d-----w C:\Documents and Settings\sybren\Application Data\MegauploadToolbar
2008-04-17 21:14 --------- d-----w C:\Program Files\NOCTURNAL
2008-04-16 19:12 --------- d-----w C:\Program Files\TI Education
2008-04-16 19:12 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-04-14 20:49 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:36 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:32 99,840 ----a-w C:\WINDOWS\system32\winscard.dll
2008-04-14 20:31 763,904 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:30 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:30 811,064 ----a-w C:\WINDOWS\system32\imjp81k.dll
2008-04-14 20:30 7,168 ----a-w C:\WINDOWS\system32\f3ahvoas.dll
2008-04-14 20:30 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:30 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:30 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:30 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:13 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:13 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:13 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:13 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:13 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 20:11 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 20:11 2,149,888 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 20:11 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 20:10 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 20:10 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 20:09 88,064 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 20:09 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 20:09 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 20:08 78,336 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 20:08 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 20:08 37,760 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 20:07 566,784 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 20:07 50,176 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 20:07 40,448 ------w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 20:06 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 20:05 53,504 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 20:05 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 20:04 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 20:04 58,112 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 20:04 273,536 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 20:04 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 20:04 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 20:03 53,504 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 20:02 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 20:02 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 20:02 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 20:01 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 20:01 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:00 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 20:00 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 20:00 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
.

((((((((((((((((((((((((((((( [email protected]_18.11.15.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 16:06:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 19:19:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 19:16:55 10,134 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe
+ 2008-05-23 19:16:55 136,448 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe
+ 2007-12-21 06:19:54 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
+ 2007-12-21 06:20:14 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
+ 2007-12-21 06:21:56 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc1cc3b4-b62e-4335-8c9e-d332ac6d2485}]
2008-05-23 16:17 136192 --a------ C:\WINDOWS\system32\iwovsfwu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEB8CC03-493D-4CD0-AD68-DB1CCC9D1333}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:32 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-04-02 15:40 4616192]
"nwiz"="nwiz.exe" [2003-04-02 15:40 323584 C:\WINDOWS\system32\nwiz.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 10:43 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 13:01 335872]
"XpDis0Conf"="C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe" [2004-02-23 17:51 32768]
"ISP"="C:\Program Files\Sony\ISPselector\ISPselector.exe" [2002-05-21 07:04 1040896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32 208952]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

C:\Documents and Settings\sybren\Menu Start\Programma's\Opstarten\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHYrSJ]
jkkHYrSJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-01-15 17:14 147456 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-01 23:44 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\YVD\\n00b-IRC.exe"=
"C:\\Program Files\\YVD\\YVD Relay Server.exe"=
"C:\\Program Files\\YVD\\YGO Virtual Desktop V086.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;D:\Program Files\VMLaunch\BuddyVM.sys

.
Inhoud van de 'Gedeelde Taken' map
"2008-05-07 09:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 21:32:20
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-05-23 21:34:19
ComboFix-quarantined-files.txt 2008-05-23 19:34:09
ComboFix2.txt 2008-05-23 16:12:32

Pre-Run: 12,748,902,400 bytes beschikbaar
Post-Run: 12,730,478,592 bytes beschikbaar

273 --- E O F --- 2008-03-01 22:17:10

**smeenk** · 24-05-08, 13:44

Je post je logje op meerdere forums:

HijackThis.nl - Informatie

http://www.hijackthis.nl/forum/viewtopic.php?t=16567

Daarom gaat deze op slot.

Mededeling

Help me pls (log included)

Help me pls (log included)

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment