Ga naar inhoud

[OPGELOST] MSN virus, proberen oplossen, maar nog steeds problemen


Aanbevolen berichten

Hallo, ik ben volledig nieuw op dit forum, maar denk dat ik jullie hulp zeer goed kan gebruiken.

Vandaag (zoals zovele blijkbaar) ook die link doorgekregen via MSN en ja, erop geklikt (how could I be so stupid....)

Spybot Search & Destroy gaf me onmiddellijk een aantal popups (waarden gewijzigd etc).

Panda Antivirus 2008 werd ook gewijzigd (veiligheid gewijzigd naar "laag" ipv "hoog")

Bij het surfen kwam ik niet op de origenele pagina van Yahoo Mail en Facebook terecht. (leek er goed op, maar toch verschillend)

Spybot vond o.a. Virtumonde.dll, verwijderd maar probleem niet echt opgelost

Dan maar op internet gezocht en "Combofix" gevonden en instructies gevolg.

Computer in veilige modus enzo heropgestart. Alles leek normaal: Panda Antivirus 2008 weer ok, websites (Yahoo en Facebook) ook, nogmaals Spybot gerund, maar behalve wat cookies niks gevonden.

Oh ja, MSN/Live Messenger van mijn computer gezwierd.

Telkens wanneer ik nu mijn computer opstart, kreeg ik een popup met de vraag of ik software wil installeren (waarvan geen certificaat beschikbaar is): msn.com van C:\Windows. Ik kan enkel "uitvoeren" of "weigeren".

Ik heb ook met CCleaner al wat opgekuist (instructies van forum) en systeemherstel uit/aangezet.

Nu krijg ik via Spybot popups telkens de melding: waarde gewijzigd in Winlogon Notifiers (tuvTMgFW), aanvaarden of weigeren

Alle hulp is meer dan welkom en alvast SUPER bedankt,

Bart De Ridder

Dit is m'n HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:37, on 2008-03-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

c:\program files\a-squared free\a2service.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\WebProxy.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Documents and Settings\Bartus De Ridder\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Documents and Settings\Bartus De Ridder\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\msn.com

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AvltMain.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Windows Live

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: (no name) - {3B378B14-B9A2-4B99-BE09-3FE1666B4784} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Windows live Messenger] msn.com

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bartus De Ridder\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Bartus De Ridder\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: tuvTMgFW - C:\WINDOWS\SYSTEM32\tuvTMgFW.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 15957 bytes

Link naar reactie
Delen op andere sites

  • Reacties 23
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Geplaatste afbeeldingen

Download VundoFix naar je bureaublad.

[*]Dubbelklik VundoFix.exe om het te starten.

[*]Klik op de Scan for Vundo knop.

[*]Eenmaal gedaan met scannen, klik op de Remove Vundo knop.

[*]Je zal een melding krijgen of je de bestanden wilt laten verwijderen, klik YES

[*]Nadat je Yes hebt geklikt, zullen de icoontjes op je Bureaublad verdwijnen tijdens het verwijderen van Vundo.

[*]Wanneer voltooid zal je de melding krijgen dat het je PC zal afsluiten, klik OK.

[*]Start je pc terug opnieuw op.

Nota: Het is mogelijk dat VundoFix een bestand vindt dat niet kan verwijderd worden.

In dit geval zal VundoFix na het heropstarten van je pc nog eens opstarten. Dan moet je de instructies van hierboven nog eens uitvoeren vanaf: "Klik op Scan for Vundo."

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd (indien nog aanwezig) :

O2 - BHO: (no name) - {3B378B14-B9A2-4B99-BE09-3FE1666B4784} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Windows live Messenger] msn.com

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bartus De Ridder\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en

O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Bartus De Ridder\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab

O20 - Winlogon Notify: tuvTMgFW - C:\WINDOWS\SYSTEM32\tuvTMgFW.dll

Klik op 'Fix checked' om de items te verwijderen.

Verwijder volgend vetgedrukt bestand met Windows Verkenner.

C:\WINDOWS\msn.com

Post de inhoud van C:\vundofix.txt en een nieuwe log van HJT in je volgende bericht en laat meteen eens weten hoe het met de problemen gesteld is ?

Link naar reactie
Delen op andere sites

Beste Kape (sorry, ken uw echte naam niet),

Heb uw instructies opgevolgd, en dit is wat er gebeurd is:

-C:\WINDOWS\msn.com heb ik nergens kunnen terugvinden

-1e scan met VundoFix.exe leverde 1 bestand op: C:\WINDOWS\SYSTEM32\tuvTMgFW.dll

-kon 1e maal niet verwijderd worden

-reboot computer

-VundoFix.exe startte automatisch op

-nieuwe scan, zelfde resultaat: C:\WINDOWS\SYSTEM32\tuvTMgFW.dll

-kon opnieuw niet verwijderd worden, opnieuw reboot computer

-na 2e reboot vroeg Spybot of ik opnieuw VundoFix wou opstarten. Heb dit geweigerd omdat ik dacht dat het een vicieuze cirkel zou worden.

-HijackThis scan:

-02-BH0.... was al verdwenen

-020 - Winlogon Notify: tuvTMgFW was al verdwenen

-andere heb ik dus verwijderd

Ziehier C:\vundofix.txt

VundoFix V7.0.3

Scan started at 14:33:38 27/03/2008

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V7.0.3

Scan started at 22:04:20 2008-03-27

Listing files found while scanning....

C:\WINDOWS\system32\tuvTMgFW.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tuvTMgFW.dll

C:\WINDOWS\system32\tuvTMgFW.dll Could not be deleted.

Performing Repairs to the registry.

Done!

VundoFix V7.0.3

Scan started at 22:19:45 2008-03-27

Listing files found while scanning....

C:\WINDOWS\system32\tuvTMgFW.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tuvTMgFW.dll

C:\WINDOWS\system32\tuvTMgFW.dll Could not be deleted.

Performing Repairs to the registry.

Done!

Log HijackTHis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:42, on 2008-03-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

c:\program files\a-squared free\a2service.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\ApvxdWin.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\WebProxy.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Logitech\Video\AlbumDB2.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Vind snel wat je zoekt met MSN Search Toolbar

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 13839 bytes

Na de HijackThis scan + Fix, toonde Spybot idd wijziging in de registers (verwijdering, welke ik heb toegestaan).

Echter de C:\WINDOWS\SYSTEM32\tuvTMgFW.dll werd NIET verwijderd :( :( :(

Suggesties??? Vundofix in SAFE MODE uitvoeren? COMBOFIX ?

Ik ga opnieuw opstarten en kijken of ik nog die vraag tot installatie software msn.com krijg.

Link naar reactie
Delen op andere sites

update:

-bij opstarten wordt mij niet meer gevraagd om msn.com uit te voeren

-echter: Spybot vindt nog steeds Virtumonde. (zie attachment - screenshot)

-toen ik die wou verwijderen, crashte mijn computer (blauw scherm)

-bij heropstarten kreeg ik de melding dat Windows van een ernstige fout hersteld was.

-Spybot voegde eerst een waarde toe (System Startup Global entry - Entry KernelFaultCheck - nieuwe data %systemroot%\system32\dumprep 0-k) en verwijderde die nadien weer.

-laatste HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:52, on 2008-03-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

c:\program files\a-squared free\a2service.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\ApvxdWin.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\WebProxy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Vind snel wat je zoekt met MSN Search Toolbar

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 13909 bytes

Graag opnieuw uw advies aub :-) Alvast bedankt,

Bart

post-3159-1417703737,0614_thumb.jpg

Link naar reactie
Delen op andere sites

Ondanks een aantal - misschien verrassende - gebeurtenissen, ben je toch op de goede weg. Nu is het inderdaad tijd voor een scan met Combofix (zoals je zelf ook al aangaf). Hang het logje van Combofix samen met een nieuw log van HJT aan je volgend bericht en we kijken verder wat er nog te doen valt.

Kan je - voor je aan Combofix begint - ook eens proberen of ja alle items in Spybot - behalve Virtumonde uiteraard - kan deleten ?

Link naar reactie
Delen op andere sites

(ik word hier stilaan zot: elektriciteitspanne in Gent, zo'n 3 uur plat gelegen)

-toen ik deze computer opstartte en IE opende, kreeg ik onmiddellijk aantal popups (uw computer is in gevaar, downloadt gratis onze software, etc), waarna Spybot telkens vroeg om gewijzigde waarden uit te voeren of te weigeren, en waarna Panda Antivirus meldde dat er spyware ontdekt was.

-Spybot scan (zie attachment, zo te zien nog meer entries bij Virtumonde)

-zoals gevraagd heb ik alles behalve Virtumonde verwijderd met Spybot.

-ik doe nu een poging met Combofix.

(Hopelijk lukt dat want ik heb echt geen zin om alles te herinstalleren)

Link naar reactie
Delen op andere sites

Combofix laten runnen (idd een aantal .dll, .ini bestanden werden verwijderd.

Combofix Log (28/03/2008)

ComboFix 08-03-26.3 - Bartus De Ridder 2008-03-28 13:20:00.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.453 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Bartus De Ridder\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\LRrYayay.ini

C:\WINDOWS\system32\LRrYayay.ini2

C:\WINDOWS\system32\qhucqoey.dll

C:\WINDOWS\system32\tquvjmgd.dll

C:\WINDOWS\system32\tuvTMgFW.dll

C:\WINDOWS\system32\yayaYrRL.dll

C:\WINDOWS\system32\yeoqcuhq.ini

.

---- Previous Run -------

.

C:\WINDOWS\system32\jkkJyXrR.dll

C:\WINDOWS\system32\ssqNGVmK.dll

C:\WINDOWS\system32\yHjTDfhk.ini

C:\WINDOWS\system32\yHjTDfhk.ini2

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))

.

2008-03-28 12:10 . 2008-03-28 12:10 54,336 --a------ C:\WINDOWS\system32\kisowfjv.dll

2008-03-27 21:07 . 2008-03-27 21:07 <DIR> d-------- C:\ComboFix[1]

2008-03-27 20:16 . 2008-03-27 20:16 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-27 19:52 . 2008-03-27 23:54 <DIR> dr-h----- C:\Documents and Settings\Bartus De Ridder\Onlangs geopend

2008-03-27 14:50 . 2008-03-27 14:50 95 --a------ C:\WINDOWS\wininit.ini

2008-03-27 14:33 . 2008-03-27 22:29 <DIR> d-------- C:\VundoFix Backups

2008-03-27 13:33 . 2008-03-27 14:33 <DIR> d-------- C:\Temp\QRemove

2008-03-27 13:33 . 2008-03-27 13:33 <DIR> d-------- C:\Temp

2008-03-27 12:10 . 2008-03-27 14:01 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Systweak

2008-03-27 12:10 . 2008-03-27 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Systweak

2008-03-27 11:47 . 2008-03-27 11:48 <DIR> d-------- C:\Program Files\Panda Security

2008-03-27 11:21 . 2008-03-27 11:21 38,400 -rahs---- C:\WINDOWS\msn.com

2008-03-25 17:31 . 2008-03-25 17:31 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Flickr

2008-03-25 17:30 . 2008-03-27 21:33 <DIR> d-------- C:\Program Files\Flickr Uploadr

2008-03-25 15:22 . 2008-03-25 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia

2008-03-21 14:28 . 2008-03-27 18:50 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\skypePM

2008-03-21 14:28 . 2008-03-21 14:28 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-03-21 14:27 . 2008-03-21 14:27 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-03-19 20:12 . 2008-03-19 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-03-19 20:08 . 2007-03-15 17:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl

2008-03-19 20:08 . 2008-03-19 20:08 248 --a------ C:\WINDOWS\system32\PavCPL.dat

2008-03-19 20:05 . 2008-03-19 20:05 <DIR> d-------- C:\Program Files\Common Files\Panda Software

2008-03-19 20:05 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-03-19 20:05 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-03-19 09:38 . 2008-03-19 09:38 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-03-19 08:41 . 2008-03-19 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-03-18 23:46 . 2008-03-18 23:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-03-18 20:51 . 2008-03-18 23:43 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Download Manager

2008-03-18 10:29 . 2008-03-18 10:28 691,545 --a------ C:\WINDOWS\unins000.exe

2008-03-18 10:29 . 2008-03-18 10:29 2,555 --a------ C:\WINDOWS\unins000.dat

2008-03-17 17:08 . 2008-03-27 11:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-17 17:08 . 2008-03-17 17:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-17 13:58 . 2008-03-17 14:00 <DIR> d-------- C:\Program Files\Windows Live

2008-03-17 13:58 . 2008-03-17 13:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-17 13:58 . 2008-03-17 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-28 12:08 --------- d-----w C:\Documents and Settings\Bartus De Ridder\Application Data\Skype

2008-03-28 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-03-27 20:33 --------- d-----w C:\Program Files\DivX

2008-03-27 20:17 --------- d-----w C:\Program Files\Yahoo!

2008-03-27 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-27 13:05 --------- d-----w C:\Program Files\Windows Desktop Search

2008-03-27 13:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-27 12:47 --------- d-----w C:\Program Files\a-squared Free

2008-03-25 15:19 --------- d-----w C:\Program Files\Nokia

2008-03-25 15:19 --------- d-----w C:\Program Files\Common Files\Nokia

2008-03-25 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations

2008-03-25 10:46 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-21 10:55 --------- d-----w C:\Program Files\Google

2008-03-19 13:49 --------- d-----w C:\Program Files\Apoint2K

2008-03-19 13:48 --------- d-----w C:\Program Files\PC Connectivity Solution

2008-03-19 08:51 --------- d-----w C:\Program Files\Java

2008-03-18 22:23 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-02-15 17:54 --------- d-----w C:\Documents and Settings\Bartus De Ridder\Application Data\Creative

2008-02-11 20:07 --------- d-----w C:\Program Files\AC3Filter

2008-02-11 18:25 --------- d-----w C:\Program Files\LimeWire

2008-02-06 18:06 --------- d-----w C:\Program Files\XviD

2008-02-06 18:04 --------- d-----w C:\Program Files\AVIcodec

2008-02-06 18:02 --------- d-----w C:\Program Files\GSpot

2008-01-30 19:02 --------- d-----w C:\Program Files\QuickTime

2008-01-30 16:18 222 ----a-w C:\Documents and Settings\Bartus De Ridder\Application Data\wklnhst.dat

2007-08-18 16:49 44,056 ----a-w C:\Documents and Settings\Bartus De Ridder\Application Data\GDIPFONTCACHEV1.DAT

2007-04-05 21:54 725,384 ----a-w C:\Program Files\WindowsXP-KB935448-x86-NLD.exe

2007-03-31 11:47 3,375,112 ----a-w C:\Program Files\lusetup.exe

2007-03-31 09:54 3,281,408 ----a-w C:\Program Files\SymADataWeb.msi

2007-03-30 19:25 19,755,560 ----a-w C:\Program Files\avg75free_446a965.exe

2007-03-30 19:22 13,829,120 ----a-w C:\Program Files\a2FreeSetup.exe

2007-03-30 18:15 19,994,184 ----a-w C:\Program Files\QuickTimeInstaller.exe

2007-03-30 16:18 20,933,888 ----a-w C:\Program Files\SkypeSetup.exe

2007-03-30 15:40 466,600 ----a-w C:\Program Files\msgr8uk.exe

2007-03-30 15:07 21,282 ----a-w C:\Program Files\Uninst.isu

2007-03-30 15:06 359 ----a-w C:\Program Files\cdsearch.cfg

2007-03-30 15:05 17,874,288 ----a-w C:\Program Files\Install_Messenger.exe

2007-03-30 15:02 86,016 ----a-w C:\Program Files\setupenne.dll

2007-03-30 13:30 810,384 ----a-w C:\Program Files\Google_Updater.exe

2004-03-18 12:55 14,953 ----a-w C:\Program Files\VDEN.RES

2004-03-18 12:55 14,881 ----a-w C:\Program Files\VDNE.RES

2004-03-17 16:02 2,364 ----a-w C:\Program Files\leesmij.txt

2004-03-17 13:15 1,089,024 ----a-w C:\Program Files\VDNE.exe

2004-03-17 13:15 1,089,024 ----a-w C:\Program Files\VDEN.exe

2004-03-17 12:28 280,784 ----a-w C:\Program Files\VDwin_g.res

2002-07-02 10:49 94,208 ----a-w C:\Program Files\cdutil32.dll

2002-07-01 17:55 81,920 ----a-w C:\Program Files\thsqry32.dll

2002-07-01 16:20 462,848 ----a-w C:\Program Files\cdclnt32.dll

2002-07-01 15:23 177,235 ----a-w C:\Program Files\hbserv32.dll

2002-06-25 14:32 339,968 ----a-w C:\Program Files\cdserv32.dll

2002-02-01 15:54 320,512 ----a-w C:\Program Files\gb.dll

1998-12-23 07:10 291,840 ----a-w C:\Program Files\LTKRN10N.DLL

1998-12-23 07:10 226,304 ----a-w C:\Program Files\Ltdis10n.dll

1998-12-23 07:10 102,912 ----a-w C:\Program Files\LTFIL10N.DLL

1997-11-08 15:44 233,472 ----a-w C:\Program Files\ILDA32.DLL

1997-05-15 17:07 4,590 ----a-w C:\Program Files\DOSWIN32.DAF

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21a91937-2a27-482e-bdb5-83ccc9966f5d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]

2008-03-28 12:10 54336 --a------ C:\WINDOWS\system32\kisowfjv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B378B14-B9A2-4B99-BE09-3FE1666B4784}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51280983-BFA8-462F-93A4-4A060E047FCF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 09:47 65536]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 14:30 68856]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46 196608]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 13:32 700416]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 21:40 64512]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 16:40 118784]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 16143872 C:\WINDOWS\RTHDCPL.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]

"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 10:17 1077328]

"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976]

"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57 53248]

"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]

"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]

"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]

"TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 15:11 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]

"TPSMain"="TPSMain.exe" [2005-08-11 15:14 266240 C:\WINDOWS\system32\TPSMain.exe]

"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 12:28 118784]

"TFncKy"="TFncKy.exe" []

"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]

"NDSTray.exe"="NDSTray.exe" []

"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:33 262144]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 89541 C:\WINDOWS\agrsmmsg.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 18:11 221184]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03 217088]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\Bartus De Ridder\Menu Start\Programma's\Opstarten\

Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14 59080]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-30 15:51:19 113664]

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-30 14:30:41 124912]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-30 16:58:19 450560]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]

Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08 257752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

"{08A8068E-53D1-42B2-B197-6D568843721F}"= C:\WINDOWS\system32\tuvTMgFW.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-05-23 15:40]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 14:12]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 17:49]

R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]

S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 20:15]

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-22 14:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-28 13:27:45

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\a-squared free\a2service.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\ApvxdWin.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\WebProxy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

.

**************************************************************************

.

Voltooingstijd: 2008-03-28 13:30:40 - machine was rebooted [bartus De Ridder]

ComboFix-quarantined-files.txt 2008-03-28 12:30:37

Pre-Run: 15,992,160,256 bytes beschikbaar

Post-Run: 15,988,002,816 bytes beschikbaar

.

2008-03-19 08:38:45 --- E O F ---

HijackThis Log (28/03/2008)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:32:21, on 28/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\a-squared free\a2service.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\ApvxdWin.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\WebProxy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\explorer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\avciman.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Windows Live

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\kisowfjv.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 14741 bytes

Bij het heropstarten kreeg ik weer aantal popups van Spybot (vraag naar toevoegen/verwijderen entries). Dit begint mij matig te irriteren. Enige suggesties?

Bovendien krijg ik nu van Panda Antivirus 2008 de melding dat er Adware gedecteerd is (Adware/SpyAxe) en dat zou in de tempory internet files van local settings zitten. Maar ik kan helemaal niet tot aan die locatie geraken, want die bestaat niet...heel bizar...

Bring on the suggestions :-)

Link naar reactie
Delen op andere sites

De volgende stap maar weer.

. Leeg de Cache and Cookies in IE:

  • Sluit Internet Explorer.
  • Ga naar Configuratiescherm > Internet Opties > tab Algemeen
  • Klik de Cookies verwijderen knop
  • Klik op de Bestanden verwijderen knop ernaast
  • Vink aan: Ook alle off line items verwijderen, klik OK

* Leeg andere Temporary files + Prullenbak

  • Ga naar Start > Uitvoeren en typ: cleanmgr en klik ok.
  • Laat het je systeem scannen op bestanden die moeten verwijderd worden
  • Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.
  • Klik daarna op OK.

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\WINDOWS\system32\kisowfjv.dll

C:\WINDOWS\msn.com

C:\Documents and Settings\Bartus De Ridder\Application Data\wklnhst.dat

Folder::

C:\VundoFix Backups

C:\Temp\QRemove

Rzgistry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21a91937-2a27-482e-bdb5-83ccc9966f5d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B378B14-B9A2-4B99-BE09-3FE1666B4784}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51280983-BFA8-462F-93A4-4A060E047FCF}]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]

"{08A8068E-53D1-42B2-B197-6D568843721F}"=-

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw logje van HijackThis.

Zou je evt. ook een betere screenshot kunnen maken van die Virtumonde-meldingen in Spybot. Want je vorige was niet echt goed leesbaar ... en ik zou die sleutels wel eens willen zien waarin die zich verstopt heeft.

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.