
Msn virus ...


Guest noise

Yep, me too, here is my log and thanks in advance!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 10:40:24, on 19-3-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\Kevin\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Kevin\LOCALS~1\Temp\services.exe

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Kevin\LOCALS~1\Temp\services.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Corn size] C:\DOCUME~1\Kevin\APPLIC~1\16Comp\type memo.exe

O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://akidfjdada.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://akidfjdada.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 8309 bytes


Remove your MSN (and, if applicable, all other Messengers).

Download Combofix and put it on your Desktop.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Kevin\LOCALS~1\Temp\services.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe

O4 - HKCU\..\Run: [Corn size] C:\DOCUME~1\Kevin\APPLIC~1\16Comp\type memo.exe

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Click 'Fix checked' to remove the items.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the reboot, the log combofix.txt will open.

NOTE: If your virus scanner responds with a script-execution warning, you must allow it.

Attach a new HJT log and the Combofix log to your next post.


I did everything as told without problems ... these are the new logs, and thanks!

ComboFix 08-03-18.1 - Kevin 2008-03-19 11:20:28.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.544 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Kevin\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\Dcads Advanced Toolbar

C:\Program Files\Dcads Advanced Toolbar\buttons.xml

C:\Program Files\Dcads Advanced Toolbar\search.xml

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))

.

2008-03-19 11:24 . 2008-03-19 11:24 9,296 --a------ C:\Documents and Settings\Kevin\fvzubi.exe

2008-03-19 11:19 . 2008-03-19 11:19 <DIR> d-------- C:\ComboFix(3)

2008-03-19 11:19 . 2008-03-19 11:19 <DIR> d-------- C:\ComboFix(2)

2008-03-18 21:58 . 2008-03-18 23:03 <DIR> d-------- C:\Documents and Settings\Kevin\MSN logs

2008-03-18 08:59 . 2008-03-18 08:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-18 08:59 . 2008-03-18 09:00 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\AVG7

2008-03-18 08:59 . 2008-03-18 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-18 00:15 . 2008-03-18 00:15 244 --ah----- C:\sqmnoopt00.sqm

2008-03-18 00:15 . 2008-03-18 00:15 232 --ah----- C:\sqmdata00.sqm

2008-03-18 00:08 . 2008-03-18 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-03-17 20:37 . 2008-03-17 20:37 <DIR> d-------- C:\Program Files\CleanMyPC

2008-03-15 18:49 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-15 18:45 . 2008-03-19 10:38 <DIR> d-------- C:\Program Files\Windows Live

2008-03-15 18:45 . 2008-03-15 18:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-15 18:45 . 2008-03-15 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-15 16:31 . 2008-03-15 16:31 <DIR> d-------- C:\SAV32CLI

2008-03-14 00:06 . 2008-03-14 00:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-03-05 20:15 . 2008-03-05 20:15 2,563 --a------ C:\WINDOWS\image.jpg

2008-03-02 15:55 . 2008-03-02 15:55 <DIR> d-------- C:\ijji

2008-03-02 15:52 . 2008-03-02 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame

2008-03-02 12:18 . 2008-03-17 08:28 8,192 --ahs---- C:\WINDOWS\Thumbs.db

2008-02-27 21:47 . 2008-02-27 21:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-19 09:31 --------- d-----w C:\Program Files\Steam

2008-03-18 08:09 --------- d-----w C:\Program Files\SQLyog Enterprise Trial

2008-03-18 08:07 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-03-18 08:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-17 23:05 --------- d-s---w C:\Program Files\Xfire

2008-03-17 23:05 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Xfire

2008-03-17 22:47 --------- d-----w C:\Documents and Settings\Kevin\Application Data\SQLyog

2008-03-17 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-17 07:29 --------- d-----w C:\Program Files\QuickTime

2008-03-04 07:34 --------- d-----w C:\Program Files\mIRC

2008-03-02 19:18 --------- d-----w C:\Program Files\Winamp

2008-03-02 14:53 --------- d--h--w C:\Documents and Settings\Kevin\Application Data\ijjigame

2008-03-02 11:18 --------- d-----w C:\Program Files\World of Warcraft

2008-03-02 11:18 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-03-02 11:18 --------- d-----w C:\Program Files\DivX

2008-03-01 19:02 --------- d-----w C:\Program Files\Soulseek-Test

2008-02-27 20:47 --------- d-----w C:\Program Files\Ventrilo

2008-02-05 16:36 --------- d-----w C:\Program Files\Common Files\INCA Shared

2008-02-05 16:26 --------- d-----w C:\Program Files\ATI Technologies

2008-02-05 16:22 --------- d-----w C:\Documents and Settings\Kevin\Application Data\ATI

2008-02-05 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI

2008-02-05 16:12 --------- d-----w C:\Program Files\Common Files\ATI Technologies

2006-09-22 16:46 1,986,018 ----a-w C:\Documents and Settings\Kevin\WoW-1.12.0.5595-to-0.12.1.5803-enGB-patch.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

"Steam"="c:\program files\steam\steam.exe" [2007-11-30 08:36 1266936]

"Warez"="C:\Program Files\Warez\Warez.exe" [ ]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 14:20 512000]

"TXP"="c:\program files\topthemesxp\txp.exe" [ ]

"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 12:08 20480]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 12:54 339968]

"ZDConfig"="" []

"Cmaudio"="cmicnfg.cpl" []

"nvchost"="C:\WINDOWS\winlogon.exe" [ ]

"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-18 08:59 579072]

"Flash Media"="C:\DOCUME~1\Kevin\LOCALS~1\Temp\services.exe" [2008-03-05 20:15 64156]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-18 08:59 219136]

C:\Documents and Settings\Kevin\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-03-14 00:06:18 2979664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Xfire\\Xfire.exe"=

"C:\\Program Files\\Steam\\SteamApps\\baboonski_90@msn.com\\half-life\\hl.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"=

"C:\\Program Files\\Steam\\SteamApps\\joerre\\counter-strike\\hl.exe"=

"C:\\Program Files\\Warcraft III Demo\\War3Demo.exe"=

"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"=

"C:\\Program Files\\Steam\\SteamApps\\joerre\\condition zero\\hl.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"=

"C:\\Program Files\\Steam\\SteamApps\\de yurie\\counter-strike\\hl.exe"=

"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\Program Files\\Steam\\SteamApps\\dalidake\\counter-strike\\hl.exe"=

"C:\\Program Files\\Soulseek-Test\\slsk.exe"=

"C:\\Program Files\\Steam\\steam.exe"=

"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"C:\\Program Files\\World of Warcraft\\Repair.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Steam\\SteamApps\\jakke777\\counter-strike\\hl.exe"=

"C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\services.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23081:TCP"= 23081:TCP:BitComet 23081 TCP

"23081:UDP"= 23081:UDP:BitComet 23081 UDP

"13036:TCP"= 13036:TCP:BitComet 13036 TCP

"13036:UDP"= 13036:UDP:BitComet 13036 UDP

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []

S3 f9ecbhcc;f9ecbhcc;C:\DOCUME~1\Kevin\LOCALS~1\Temp\75JWW1jZ []

S3 gel90xne;gel90xne;C:\DOCUME~1\Kevin\LOCALS~1\Temp\gel90xne.sys []

S3 SQTECH9150;Mini Cam;C:\WINDOWS\system32\Drivers\Capt9150.sys [2004-04-01 15:30]

S3 tcpip_patcher;tcpip_patcher;C:\Program Files\Warez\tcpip_patcher.sys []

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]

S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-06-12 07:54]

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-03 21:48:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-19 11:24:47

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

? [1952]

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f9ecbhcc]

"ImagePath"="\??\C:\DOCUME~1\Kevin\LOCALS~1\Temp\75JWW1jZ"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\WgaTray.exe

.

**************************************************************************

.

Voltooingstijd: 2008-03-19 11:26:52 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-19 10:26:49

.

2008-03-17 23:14:56 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:36:07, on 19-3-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kevin\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Kevin\LOCALS~1\Temp\services.exe

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://akidfjdada.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://akidfjdada.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 6755 bytes

(don't know how to upload the logs...)

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Kevin\LOCALS~1\Temp\services.exe

O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe

Click 'Fix checked' to remove the items.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Documents and Settings\Kevin\fvzubi.exe

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe"

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f9ecbhcc]

"ImagePath"="\??\C:\DOCUME~1\Kevin\LOCALS~1\Temp\75JWW1jZ"

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of Combofix.txt in your next reply together with a new HijackThis log.
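Both helper posts above pick the same kind of entries out of the logs: a system-binary name (winlogon.exe, services.exe) that is not running from system32, autostart entries and driver services whose image sits in the user's Temp or Application Data folder, and a UserInit value that chains a second program after userinit.exe. The script below is an added example (not HijackThis, ComboFix or the helper's own tooling) that applies exactly those checks to the F2/O4 line shapes of the HijackThis log and the S3 service line shape of the ComboFix log posted in this thread; the sample lines are constructed from those logs, and the allow-list of names that only belong in system32 is this example's own assumption.

```python
"""Triage autostart lines of the kind the two helper posts act on: a Windows
system-binary name (winlogon.exe, services.exe, ...) started from somewhere
other than system32, an autostart or driver service that runs out of a user's
Temp or Application Data folder, and a UserInit value that chains more than
userinit.exe.  Added example; the line shapes come from the HijackThis and
ComboFix logs in this thread, the allow-list of system32 names is an assumption."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the logs posted above (F2/O4 lines from
# HijackThis, S3 service lines from ComboFix).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Kevin\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Kevin\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [Corn size] C:\DOCUME~1\Kevin\APPLIC~1\16Comp\type memo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
S3 f9ecbhcc;f9ecbhcc;C:\DOCUME~1\Kevin\LOCALS~1\Temp\75JWW1jZ []
S3 SQTECH9150;Mini Cam;C:\WINDOWS\system32\Drivers\Capt9150.sys [2004-04-01 15:30]
"""

SYSTEM32 = r"c:\windows\system32"
STOCK_USERINIT = SYSTEM32 + r"\userinit.exe"
# Assumption: on a plain XP install these names live only in system32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe"}
# Path fragments that mean "user-writable profile folder, not an install location".
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\applic~1\\", "\\application data\\")

O4_RUN = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$")
SERVICE = re.compile(r"^S[0-4] (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.*?) \[.*\]$")


@dataclass(frozen=True)
class Finding:
    entry: str   # which autostart entry or service the image came from
    image: str   # the executable path as written in the log
    reason: str  # why it was flagged


def extract_image(cmd: str) -> str:
    """Pull the executable path out of a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r".+?\.exe\b", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]


def image_reasons(image: str) -> list[str]:
    """Return the reasons an image path is suspicious (empty list if none)."""
    low = image.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons = []
    if base in SYSTEM32_ONLY and not low.startswith(SYSTEM32 + "\\"):
        reasons.append(f"{base} outside {SYSTEM32}")
    if any(frag in low for frag in USER_WRITABLE):
        reasons.append("runs from a user-writable Temp/profile folder")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Scan HijackThis F2/O4 lines and ComboFix S3 service lines in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := F2_USERINIT.match(line):
            # UserInit is comma-separated; only the stock userinit.exe belongs there.
            for comp in m.group("value").split(","):
                comp = comp.strip()
                if comp.lower() == STOCK_USERINIT:
                    continue
                reasons = ["extra program chained into UserInit"] + image_reasons(comp)
                findings.append(Finding("F2 UserInit", comp, "; ".join(reasons)))
        elif m := O4_RUN.match(line):
            image = extract_image(m.group("cmd"))
            reasons = image_reasons(image)
            if reasons:
                entry = f"O4 {m.group('hive')} Run [{m.group('name')}]"
                findings.append(Finding(entry, image, "; ".join(reasons)))
        elif m := SERVICE.match(line):
            reasons = image_reasons(m.group("path"))
            if reasons:
                findings.append(Finding(f"service {m.group('svc')}", m.group("path"),
                                        "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry:<30} {f.image}\n    -> {f.reason}")
```

On the sample above the script reports the UserInit chain, the `nvchost` entry (winlogon.exe outside system32), the `Flash Media` and `Corn size` entries (Temp/Application Data), and the `f9ecbhcc` driver service whose image sits in Temp, while the Java updater, Messenger and the webcam driver pass; the allow-list approach catches only the patterns named in the posts, so a tool running from an ordinary install path (the `Warez` entries in the log) is deliberately left for a human to judge.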

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 14:28:23, on 19-3-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\QuickTime\QTTask.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kevin\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://akidfjdada.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://akidfjdada.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 6841 bytes

ComboFix 08-03-18.1 - Kevin 2008-03-19 14:18:00.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.592 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Kevin\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Kevin\Bureaublad\CFscript.txt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\Documents and Settings\Kevin\fvzubi.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))

.

2008-03-19 12:28 . 2008-03-19 14:15 <DIR> dr-h----- C:\Documents and Settings\Kevin\Onlangs geopend

2008-03-19 12:05 . 2008-03-19 12:05 <DIR> d-------- C:\Program Files\CCleaner

2008-03-18 21:58 . 2008-03-18 23:03 <DIR> d-------- C:\Documents and Settings\Kevin\MSN logs

2008-03-18 08:59 . 2008-03-18 08:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-03-18 08:59 . 2008-03-18 09:00 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\AVG7

2008-03-18 08:59 . 2008-03-18 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-18 00:15 . 2008-03-18 00:15 244 --ah----- C:\sqmnoopt00.sqm

2008-03-18 00:15 . 2008-03-18 00:15 232 --ah----- C:\sqmdata00.sqm

2008-03-18 00:08 . 2008-03-18 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-03-17 20:37 . 2008-03-17 20:37 <DIR> d-------- C:\Program Files\CleanMyPC

2008-03-15 18:49 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-15 18:45 . 2008-03-19 12:32 <DIR> d-------- C:\Program Files\Windows Live

2008-03-15 18:45 . 2008-03-15 18:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-15 18:45 . 2008-03-19 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-15 16:31 . 2008-03-15 16:31 <DIR> d-------- C:\SAV32CLI

2008-03-14 00:06 . 2008-03-14 00:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-03-05 20:15 . 2008-03-05 20:15 2,563 --a------ C:\WINDOWS\image.jpg

2008-03-02 15:55 . 2008-03-02 15:55 <DIR> d-------- C:\ijji

2008-03-02 15:52 . 2008-03-02 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame

2008-03-02 12:18 . 2008-03-17 08:28 8,192 --ahs---- C:\WINDOWS\Thumbs.db

2008-02-27 21:47 . 2008-02-27 21:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-19 13:22 --------- d-----w C:\Program Files\Steam

2008-03-18 08:09 --------- d-----w C:\Program Files\SQLyog Enterprise Trial

2008-03-18 08:07 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-03-18 08:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-17 23:05 --------- d-s---w C:\Program Files\Xfire

2008-03-17 23:05 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Xfire

2008-03-17 22:47 --------- d-----w C:\Documents and Settings\Kevin\Application Data\SQLyog

2008-03-17 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-17 07:29 --------- d-----w C:\Program Files\QuickTime

2008-03-04 07:34 --------- d-----w C:\Program Files\mIRC

2008-03-02 19:18 --------- d-----w C:\Program Files\Winamp

2008-03-02 14:53 --------- d--h--w C:\Documents and Settings\Kevin\Application Data\ijjigame

2008-03-02 11:18 --------- d-----w C:\Program Files\World of Warcraft

2008-03-02 11:18 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-03-02 11:18 --------- d-----w C:\Program Files\DivX

2008-03-01 19:02 --------- d-----w C:\Program Files\Soulseek-Test

2008-02-27 20:47 --------- d-----w C:\Program Files\Ventrilo

2008-02-05 16:36 --------- d-----w C:\Program Files\Common Files\INCA Shared

2008-02-05 16:26 --------- d-----w C:\Program Files\ATI Technologies

2008-02-05 16:22 --------- d-----w C:\Documents and Settings\Kevin\Application Data\ATI

2008-02-05 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI

2008-02-05 16:12 --------- d-----w C:\Program Files\Common Files\ATI Technologies

2006-09-22 16:46 1,986,018 ----a-w C:\Documents and Settings\Kevin\WoW-1.12.0.5595-to-0.12.1.5803-enGB-patch.exe

.

((((((((((((((((((((((((((((( snapshot@2008-03-19_11.26.38.13 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-03-15 17:46:41 29,926 ----a-r C:\WINDOWS\Installer\{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}\MsblIco.Exe

+ 2008-03-19 11:33:54 29,926 ----a-r C:\WINDOWS\Installer\{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}\MsblIco.Exe

+ 2007-10-18 10:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

+ 2008-03-19 13:22:42 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_da0.dat

+ 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll

+ 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

+ 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

"Steam"="c:\program files\steam\steam.exe" [2007-11-30 08:36 1266936]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 14:20 512000]

"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-12-06 12:08 20480]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 12:54 339968]

"ZDConfig"="" []

"Cmaudio"="cmicnfg.cpl" []

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-18 08:59 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-18 08:59 219136]

C:\Documents and Settings\Kevin\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-03-14 00:06:18 2979664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Xfire\\Xfire.exe"=

"C:\\Program Files\\Steam\\SteamApps\\baboonski_90@msn.com\\half-life\\hl.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"=

"C:\\Program Files\\Steam\\SteamApps\\joerre\\counter-strike\\hl.exe"=

"C:\\Program Files\\Warcraft III Demo\\War3Demo.exe"=

"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"=

"C:\\Program Files\\Steam\\SteamApps\\joerre\\condition zero\\hl.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"=

"C:\\Program Files\\Steam\\SteamApps\\de yurie\\counter-strike\\hl.exe"=

"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\Program Files\\Steam\\SteamApps\\dalidake\\counter-strike\\hl.exe"=

"C:\\Program Files\\Soulseek-Test\\slsk.exe"=

"C:\\Program Files\\Steam\\steam.exe"=

"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"C:\\Program Files\\World of Warcraft\\Repair.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Steam\\SteamApps\\jakke777\\counter-strike\\hl.exe"=

"C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\services.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23081:TCP"= 23081:TCP:BitComet 23081 TCP

"23081:UDP"= 23081:UDP:BitComet 23081 UDP

"13036:TCP"= 13036:TCP:BitComet 13036 TCP

"13036:UDP"= 13036:UDP:BitComet 13036 UDP

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []

S3 f9ecbhcc;f9ecbhcc;C:\DOCUME~1\Kevin\LOCALS~1\Temp\75JWW1jZ []

S3 gel90xne;gel90xne;C:\DOCUME~1\Kevin\LOCALS~1\Temp\gel90xne.sys []

S3 SQTECH9150;Mini Cam;C:\WINDOWS\system32\Drivers\Capt9150.sys [2004-04-01 15:30]

S3 tcpip_patcher;tcpip_patcher;C:\Program Files\Warez\tcpip_patcher.sys []

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]

S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-06-12 07:54]

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-03 21:48:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-19 14:22:14

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f9ecbhcc]

"ImagePath"="\??\C:\DOCUME~1\Kevin\LOCALS~1\Temp\75JWW1jZ"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\WgaTray.exe

.

**************************************************************************

.

Voltooingstijd: 2008-03-19 14:24:53 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-19 13:24:50

ComboFix2.txt 2008-03-19 10:26:52

.

2008-03-17 23:14:56 --- E O F ---


Check in Windows Explorer whether you can find the following two files. If so: delete them both.

C:\DOCUMENTSandSETTINGS\Kevin\LOCALSETTINGS\Temp\75JWW1jZ

C:\DOCUMENTSandSETTINGS\Kevin\LOCALSETTINGS\Temp\gel90xne.sys

Then let me know whether this worked.


  • Download SDFix and save it to your desktop.
  • Double-click SDFix.exe and choose Install to unpack the tool into its own folder on your desktop. Then restart your PC in Safe Mode.
  • In Safe Mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
  • Type Y to start the clean process.
  • It removes all Trojan services or registry entries related to this infection; when the tool is finished it will tell you to press any key to restart your PC, so do that.
  • When the PC restarts, the tool will run again, finish the clean-up process and show you the message Finished; press any key to end the script and your desktop will appear.
  • When your desktop icons appear, the SDFix report will open and will also be saved in the folder under the name Report.txt
  • Now copy and paste the contents of that report here together with a new HJT log.


not found ... every time I start my PC I get a warning about a new trojan horse downloader or something..

That is because the virus makes sure these are let through.

If you do what Kape says, the virus will be removed successfully, and with it the Trojan Downloaders (Generic6, I think?) will no longer get in.
