bartusderidder
-
Items
20 -
Registratiedatum
-
Laatst bezocht
bartusderidder's prestaties
-
Andermaal super bedankt! Bizarre is wel, dat ik niks gedaan heb (althans niet bewust) om die problemen te verhelpen...enkel Panda anti-virus scan...zal het nauw in de gaten houden, en indien die Virtumonde toch weer opduikt, dan kom ik terug ;-)
-
Beste Kape, Ik heb uw orders opgevolgd: -HJT, echter in meest recente log kwam dit (R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Bing bar from bing.com) niet meer voor; heb dus enkel die andere kunnen verwijderen -dan MBAM geupdatet, en snelle scan gedaan, maar geen enkele infectie gevonden??? bizar!! zie log onderaan) -Spybot: ook geen bedreigingen!?! (het was nochtans Spybot dat die Virtumonde gevonden had) Betekent dit dat ik van het probleem verlost ben? of zie ik iets over het hoofd? Mvg, Bart MBAM log: Malwarebytes' Anti-Malware 1.44 Database versie: 3510 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 21/01/2010 19:33:45 mbam-log-2010-01-21 (19-33-45).txt Scan type: Snelle Scan Objecten gescand: 125377 Verstreken tijd: 10 minute(s), 47 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:04:07, on 21/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\a-squared free\a2service.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavJobs.exe C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Bing bar from bing.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5573/mcfscan.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 15118 bytes ---------- Post toegevoegd om 20:09 ---------- Vorige post was om 20:05 ---------- huh? nu staat die Bing Bar er toch nog tussen... Ik probeer het opnieuw ---------- Post toegevoegd om 20:23 ---------- Vorige post was om 20:09 ---------- MBAM log: Malwarebytes' Anti-Malware 1.44 Database versie: 3510 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 21/01/2010 20:21:56 mbam-log-2010-01-21 (20-21-56).txt Scan type: Snelle Scan Objecten gescand: 126268 Verstreken tijd: 11 minute(s), 16 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:23:07, on 21/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\a-squared free\a2service.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavJobs.exe C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5573/mcfscan.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 15055 bytes
-
Merci! Ik weet alvast weer wat gedaan vanavond... ;-)
-
Geacht Forum, Omdat ik hier in het verleden ook al goed geholpen ben, keer ik (spijtiggenoeg) terug. Vandaag op Facebook op een link geclickt (zag er onschuldig uit), doorgesluisd naar andere site, diende recentste versie van FlashPlayer te installeren, en toen begon de miserie...popup van ZoneAlarm...deny...maar het kwaad was blijkbaar al geschied. Spybot (1e scan): dl16.exe + keylogger, reparatie Spybot (2e scan): Virtumonde.sdn (nog niet verwijderd) Panda Antivirus: gaf GEEN problemen weer (????) Op aanraden Engelse site www.virusremovalguru.com Stopzilla gedownload. Dit is nu aan het scannen (maar duurt een eeuwigheid), en geeft al het volgende weer: -MalWare Alarm (type Rogue) -CatchMe (type Trojan) -System Policies.Disable Registry (type Hijacker) -Inet2000 (Spyware) Dit is m'n HJT-log. Graag uw advies voor het geval Stopzilla toch niet zo'n "Stopper" is. Alvast bedankt! Bart Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:29:57, on 19/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\a-squared free\a2service.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\STOPzilla!\STOPzilla.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\STOPzilla!\SZOptions.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Bing bar from bing.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5573/mcfscan.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 15777 bytes
-
Alrighty !!!! Thanks again en ik weet waar terecht indien mijn computer opnieuw raar zou beginnen doen.
-
Ccleaner had ik al op laptop staan...alle handelingen uitgevoerd. Ok, domme vraag: verwijderen systeemherstelpunten? dmv uitschakelen systeemherstel, computer heropstarten en dan weer inschakelen van systeemherstel en herstelpunt aanmaken? (zie immers bij instelling van systeemherstelpunt -dat kalendertje- geen optie om punten te verwijderen.
-
Ziezo, Panda scan is afgelopen; zoals gedacht werd alles wat met ComboFix te maken heeft, beschouwd als virus en gedesinfecteerd of hernoemd (ComboFix in Prullenmand, en dat andere in C:\ComboFix). Ik maak nu nog de prullenmand leeg, en dan denk ik dat het probleem opgelost is.....of heb ik nog iets over het hoofd gezien? ALVAST SUPER BEDANKT VOOR DE VLOTTE EN ZEER SNELLE HULP!!!!!!!!! Bart uit Gent PS: MSN/Windows Live Messenger komt er bij mij NIET meer in !!!!
-
-1e scan (dus vóór verwijderen van ComboFix en maken herstelpunt): geen bedreigingen gevonden -2e scan (na maken herstelpunt, gebruik van internet): 3 tracking cookies, verwijderd met Spybot. -Panda is nog aan het scannen, toont 1 virus (gedesinfecteerd - ik veronderstel dat dat ComboFix is dat nog in de prullenmand zit). Eindresultaat volgt straks!
-
in C:\ vind ik ook een map ComboFix en ComboFix[1] terug met daarin heel wat bestanden. Moet/mag ik die ook verwijderen? Ben nu aan het scannen zowel met Spybot als met Panda Antivirus. Ik hou u op de hoogte.
-
ok, -O2 - BHO verwijderd -maar het wanneer ik combofix /u doe, dan vraagt mijn computer of ik die software wil uitvoeren, ik klik op "ja", maar dan opent enkel het blauwe venster van Combofix, met daarin een blinke cursor, maar verder geen activiteit...kan ik Combofix ook op een andere manier verwijderen en een systeemherstelpunt aanmaken (via systeemherste)? btw, een eerste Spybot scan (voor plaatsen van dit bericht) toonde geen Virtumonde meer, ik hoop dat het straks ook nog zo is ;-)
-
-alle cookies verwijderd (vond echter niet de knop om bestanden te verwijderen) -cleanmgr uitgevoerd -Combofix + CFScript.txt uitgevoerd, LOG -HijackThis, LOG -dat Yahoo tekentje is nu teruggekeerd (zie vorige post) ComboFix 08-03-26.3 - Bartus De Ridder 2008-03-28 15:32:34.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.414 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Bartus De Ridder\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Bartus De Ridder\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! FILE :: C:\Documents and Settings\Bartus De Ridder\Application Data\wklnhst.dat C:\WINDOWS\msn.com C:\WINDOWS\system32\kisowfjv.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Bartus De Ridder\Application Data\wklnhst.dat C:\Temp\QRemove C:\Temp\QRemove\MSvCR71.DLL C:\Temp\QRemove\PFILE32.dll C:\Temp\QRemove\PPROCS32.dll C:\Temp\QRemove\PQDLL.dll C:\Temp\QRemove\PQREMOVE_PSSCAN.EXE C:\Temp\QRemove\PSKALLOC.DLL C:\Temp\QRemove\PSKCMP.DLL C:\Temp\QRemove\PS***IL.DLL C:\Temp\QRemove\PSKVFILE.DLL C:\Temp\QRemove\PSSCAN.DLL C:\Temp\QRemove\PUTIL32.dll C:\Temp\QRemove\PVER32.dll C:\VundoFix Backups C:\VundoFix Backups\addmorefiles.txt C:\VundoFix Backups\tuvTMgFW.dll.bad C:\WINDOWS\msn.com C:\WINDOWS\system32\kisowfjv.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))) . 2008-03-27 21:07 . 2008-03-28 13:47 <DIR> d-------- C:\ComboFix[1] 2008-03-27 20:16 . 2008-03-27 20:16 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-27 19:52 . 2008-03-28 15:27 <DIR> dr-h----- C:\Documents and Settings\Bartus De Ridder\Onlangs geopend 2008-03-27 14:50 . 2008-03-27 14:50 95 --a------ C:\WINDOWS\wininit.ini 2008-03-27 13:33 . 2008-03-28 15:32 <DIR> d-------- C:\Temp 2008-03-27 12:10 . 2008-03-27 14:01 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Systweak 2008-03-27 12:10 . 2008-03-27 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Systweak 2008-03-27 11:47 . 2008-03-27 11:48 <DIR> d-------- C:\Program Files\Panda Security 2008-03-25 17:31 . 2008-03-25 17:31 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Flickr 2008-03-25 17:30 . 2008-03-27 21:33 <DIR> d-------- C:\Program Files\Flickr Uploadr 2008-03-25 15:22 . 2008-03-25 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia 2008-03-21 14:28 . 2008-03-27 18:50 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\skypePM 2008-03-21 14:28 . 2008-03-21 14:28 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-03-21 14:27 . 2008-03-21 14:27 <DIR> d-------- C:\Program Files\Common Files\Skype 2008-03-19 20:12 . 2008-03-19 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2008-03-19 20:08 . 2007-03-15 17:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl 2008-03-19 20:08 . 2008-03-19 20:08 248 --a------ C:\WINDOWS\system32\PavCPL.dat 2008-03-19 20:05 . 2008-03-19 20:05 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-03-19 20:05 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys 2008-03-19 20:05 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys 2008-03-19 09:38 . 2008-03-19 09:38 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-03-19 08:41 . 2008-03-19 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-03-18 23:46 . 2008-03-18 23:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-03-18 20:51 . 2008-03-18 23:43 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Download Manager 2008-03-18 10:29 . 2008-03-18 10:28 691,545 --a------ C:\WINDOWS\unins000.exe 2008-03-18 10:29 . 2008-03-18 10:29 2,555 --a------ C:\WINDOWS\unins000.dat 2008-03-17 17:08 . 2008-03-27 11:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-17 17:08 . 2008-03-17 17:08 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-17 13:58 . 2008-03-17 14:00 <DIR> d-------- C:\Program Files\Windows Live 2008-03-17 13:58 . 2008-03-17 13:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-17 13:58 . 2008-03-17 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 12:08 --------- d-----w C:\Documents and Settings\Bartus De Ridder\Application Data\Skype 2008-03-28 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-03-27 20:33 --------- d-----w C:\Program Files\DivX 2008-03-27 20:17 --------- d-----w C:\Program Files\Yahoo! 2008-03-27 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-27 13:05 --------- d-----w C:\Program Files\Windows Desktop Search 2008-03-27 13:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-27 12:47 --------- d-----w C:\Program Files\a-squared Free 2008-03-25 15:19 --------- d-----w C:\Program Files\Nokia 2008-03-25 15:19 --------- d-----w C:\Program Files\Common Files\Nokia 2008-03-25 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-03-25 10:46 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-21 10:55 --------- d-----w C:\Program Files\Google 2008-03-19 13:49 --------- d-----w C:\Program Files\Apoint2K 2008-03-19 13:48 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-03-19 08:51 --------- d-----w C:\Program Files\Java 2008-03-18 22:23 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-02-15 17:54 --------- d-----w C:\Documents and Settings\Bartus De Ridder\Application Data\Creative 2008-02-11 20:07 --------- d-----w C:\Program Files\AC3Filter 2008-02-11 18:25 --------- d-----w C:\Program Files\LimeWire 2008-02-06 18:06 --------- d-----w C:\Program Files\XviD 2008-02-06 18:04 --------- d-----w C:\Program Files\AVIcodec 2008-02-06 18:02 --------- d-----w C:\Program Files\GSpot 2008-01-30 19:02 --------- d-----w C:\Program Files\QuickTime 2007-08-18 16:49 44,056 ----a-w C:\Documents and Settings\Bartus De Ridder\Application Data\GDIPFONTCACHEV1.DAT 2007-04-05 21:54 725,384 ----a-w C:\Program Files\WindowsXP-KB935448-x86-NLD.exe 2007-03-31 11:47 3,375,112 ----a-w C:\Program Files\lusetup.exe 2007-03-31 09:54 3,281,408 ----a-w C:\Program Files\SymADataWeb.msi 2007-03-30 19:25 19,755,560 ----a-w C:\Program Files\avg75free_446a965.exe 2007-03-30 19:22 13,829,120 ----a-w C:\Program Files\a2FreeSetup.exe 2007-03-30 18:15 19,994,184 ----a-w C:\Program Files\QuickTimeInstaller.exe 2007-03-30 16:18 20,933,888 ----a-w C:\Program Files\SkypeSetup.exe 2007-03-30 15:40 466,600 ----a-w C:\Program Files\msgr8uk.exe 2007-03-30 15:07 21,282 ----a-w C:\Program Files\Uninst.isu 2007-03-30 15:06 359 ----a-w C:\Program Files\cdsearch.cfg 2007-03-30 15:05 17,874,288 ----a-w C:\Program Files\Install_Messenger.exe 2007-03-30 15:02 86,016 ----a-w C:\Program Files\setupenne.dll 2007-03-30 13:30 810,384 ----a-w C:\Program Files\Google_Updater.exe 2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll 2004-03-18 12:55 14,953 ----a-w C:\Program Files\VDEN.RES 2004-03-18 12:55 14,881 ----a-w C:\Program Files\VDNE.RES 2004-03-17 16:02 2,364 ----a-w C:\Program Files\leesmij.txt 2004-03-17 13:15 1,089,024 ----a-w C:\Program Files\VDNE.exe 2004-03-17 13:15 1,089,024 ----a-w C:\Program Files\VDEN.exe 2004-03-17 12:28 280,784 ----a-w C:\Program Files\VDwin_g.res 2002-07-02 10:49 94,208 ----a-w C:\Program Files\cdutil32.dll 2002-07-01 17:55 81,920 ----a-w C:\Program Files\thsqry32.dll 2002-07-01 16:20 462,848 ----a-w C:\Program Files\cdclnt32.dll 2002-07-01 15:23 177,235 ----a-w C:\Program Files\hbserv32.dll 2002-06-25 14:32 339,968 ----a-w C:\Program Files\cdserv32.dll 2002-02-01 15:54 320,512 ----a-w C:\Program Files\gb.dll 1998-12-23 07:10 291,840 ----a-w C:\Program Files\LTKRN10N.DLL 1998-12-23 07:10 226,304 ----a-w C:\Program Files\Ltdis10n.dll 1998-12-23 07:10 102,912 ----a-w C:\Program Files\LTFIL10N.DLL 1997-11-08 15:44 233,472 ----a-w C:\Program Files\ILDA32.DLL 1997-05-15 17:07 4,590 ----a-w C:\Program Files\DOSWIN32.DAF . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 09:47 65536] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 14:30 68856] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46 196608] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 13:32 700416] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 21:40 64512] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 16:40 118784] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 16143872 C:\WINDOWS\RTHDCPL.exe] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 10:17 1077328] "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57 53248] "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672] "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536] "Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe] "TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 15:11 28672 C:\WINDOWS\system32\TCtrlIOHook.exe] "TPSMain"="TPSMain.exe" [2005-08-11 15:14 266240 C:\WINDOWS\system32\TPSMain.exe] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 12:28 118784] "TFncKy"="TFncKy.exe" [] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728] "NDSTray.exe"="NDSTray.exe" [] "DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:33 262144] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 89541 C:\WINDOWS\agrsmmsg.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 18:11 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03 217088] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] C:\Documents and Settings\Bartus De Ridder\Menu Start\Programma's\Opstarten\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14 59080] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-30 15:51:19 113664] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-30 14:30:41 124912] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-30 16:58:19 450560] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08 257752] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472] "{08A8068E-53D1-42B2-B197-6D568843721F}"= C:\WINDOWS\system32\tuvTMgFW.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-05-23 15:40] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49] R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 14:12] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 17:49] R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45] S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 20:15] . Inhoud van de 'Gedeelde Taken' map "2008-03-22 14:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 15:33:50 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-03-28 15:34:12 ComboFix-quarantined-files.txt 2008-03-28 14:34:09 ComboFix2.txt 2008-03-28 12:30:41 Pre-Run: 17,107,357,696 bytes beschikbaar Post-Run: 17,093,083,136 bytes beschikbaar . 2008-03-19 08:38:45 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:35:04, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\a-squared free\a2service.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Panda Software\Panda Antivirus 2007\ApvxdWin.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\Panda Software\Panda Antivirus 2007\WebProxy.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Vind snel wat je zoekt met MSN Search Toolbar R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - (no file) O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 14700 bytes Ben eens benieuwd ;-)
-
-Screenshot Spybot nadat Combofix Virtumonde "zogezegd" verwijderd had. Andere problemen werden met Spybot verwijderd. Ik voer nu uw bovenstaande instructies uit. -Iets wat ik ook bemerkt heb (weet niet of het er iets mee te maken heeft). Wanneer ik naar de log-in pagina van Yahoo Mail ga, dan verschijnt er voor de http:// normaal een rode 'Y' (teken van Yahoo), wanneer ik dat nu doe, dan zie ik daar het teken van Blogger (oranje vierkantje met witte B in) verschijnen. De pagina lijkt echter orgineel, want wordt niet als phising ge-alarmeerd en bovendien is het sign-in seal correct (er wordt weergegeven wat ik er destijds had ingezet).
-
Dag Kape, -Ik heb zonet nog een virusscan gedaan met Panda Antivirus. Combofix wordt blijkbaar als virus/trojan horse herkend. Op aanraden van Panda website, heb ik nadien systeemherstel uitgeschakeld, computer weer opgestart en nadien systeemherstel weer ingeschakeld -ivm mijn screenshots: wanneer ik hier op deze site op screenshot click, dan opent dat eerst in deze site (met zwarte achtergrond er om heen), wanneer ik dan nog eens klik, dan opent het in op een nieuwe pagina, en wanneer ik er dan nog eens op klik (muis is dan vergrootglas bij IE 7), dan kan ik alles perfect lezen. -ben ondertussen bezig met nog eens Spybot te laten runnen, en ik zie nu al dat Virtumonde ER NOG STEEDS INZIT (......) straks screenshot -ik volg nadien uw bovenstaande instructies op.
-
Combofix laten runnen (idd een aantal .dll, .ini bestanden werden verwijderd. Combofix Log (28/03/2008) ComboFix 08-03-26.3 - Bartus De Ridder 2008-03-28 13:20:00.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.453 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Bartus De Ridder\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\LRrYayay.ini C:\WINDOWS\system32\LRrYayay.ini2 C:\WINDOWS\system32\qhucqoey.dll C:\WINDOWS\system32\tquvjmgd.dll C:\WINDOWS\system32\tuvTMgFW.dll C:\WINDOWS\system32\yayaYrRL.dll C:\WINDOWS\system32\yeoqcuhq.ini . ---- Previous Run ------- . C:\WINDOWS\system32\jkkJyXrR.dll C:\WINDOWS\system32\ssqNGVmK.dll C:\WINDOWS\system32\yHjTDfhk.ini C:\WINDOWS\system32\yHjTDfhk.ini2 . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))) . 2008-03-28 12:10 . 2008-03-28 12:10 54,336 --a------ C:\WINDOWS\system32\kisowfjv.dll 2008-03-27 21:07 . 2008-03-27 21:07 <DIR> d-------- C:\ComboFix[1] 2008-03-27 20:16 . 2008-03-27 20:16 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-27 19:52 . 2008-03-27 23:54 <DIR> dr-h----- C:\Documents and Settings\Bartus De Ridder\Onlangs geopend 2008-03-27 14:50 . 2008-03-27 14:50 95 --a------ C:\WINDOWS\wininit.ini 2008-03-27 14:33 . 2008-03-27 22:29 <DIR> d-------- C:\VundoFix Backups 2008-03-27 13:33 . 2008-03-27 14:33 <DIR> d-------- C:\Temp\QRemove 2008-03-27 13:33 . 2008-03-27 13:33 <DIR> d-------- C:\Temp 2008-03-27 12:10 . 2008-03-27 14:01 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Systweak 2008-03-27 12:10 . 2008-03-27 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Systweak 2008-03-27 11:47 . 2008-03-27 11:48 <DIR> d-------- C:\Program Files\Panda Security 2008-03-27 11:21 . 2008-03-27 11:21 38,400 -rahs---- C:\WINDOWS\msn.com 2008-03-25 17:31 . 2008-03-25 17:31 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Flickr 2008-03-25 17:30 . 2008-03-27 21:33 <DIR> d-------- C:\Program Files\Flickr Uploadr 2008-03-25 15:22 . 2008-03-25 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia 2008-03-21 14:28 . 2008-03-27 18:50 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\skypePM 2008-03-21 14:28 . 2008-03-21 14:28 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-03-21 14:27 . 2008-03-21 14:27 <DIR> d-------- C:\Program Files\Common Files\Skype 2008-03-19 20:12 . 2008-03-19 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2008-03-19 20:08 . 2007-03-15 17:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl 2008-03-19 20:08 . 2008-03-19 20:08 248 --a------ C:\WINDOWS\system32\PavCPL.dat 2008-03-19 20:05 . 2008-03-19 20:05 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-03-19 20:05 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys 2008-03-19 20:05 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys 2008-03-19 09:38 . 2008-03-19 09:38 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-03-19 08:41 . 2008-03-19 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-03-18 23:46 . 2008-03-18 23:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-03-18 20:51 . 2008-03-18 23:43 <DIR> d-------- C:\Documents and Settings\Bartus De Ridder\Application Data\Download Manager 2008-03-18 10:29 . 2008-03-18 10:28 691,545 --a------ C:\WINDOWS\unins000.exe 2008-03-18 10:29 . 2008-03-18 10:29 2,555 --a------ C:\WINDOWS\unins000.dat 2008-03-17 17:08 . 2008-03-27 11:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-17 17:08 . 2008-03-17 17:08 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-17 13:58 . 2008-03-17 14:00 <DIR> d-------- C:\Program Files\Windows Live 2008-03-17 13:58 . 2008-03-17 13:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-17 13:58 . 2008-03-17 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 12:08 --------- d-----w C:\Documents and Settings\Bartus De Ridder\Application Data\Skype 2008-03-28 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-03-27 20:33 --------- d-----w C:\Program Files\DivX 2008-03-27 20:17 --------- d-----w C:\Program Files\Yahoo! 2008-03-27 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-27 13:05 --------- d-----w C:\Program Files\Windows Desktop Search 2008-03-27 13:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-27 12:47 --------- d-----w C:\Program Files\a-squared Free 2008-03-25 15:19 --------- d-----w C:\Program Files\Nokia 2008-03-25 15:19 --------- d-----w C:\Program Files\Common Files\Nokia 2008-03-25 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-03-25 10:46 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-21 10:55 --------- d-----w C:\Program Files\Google 2008-03-19 13:49 --------- d-----w C:\Program Files\Apoint2K 2008-03-19 13:48 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-03-19 08:51 --------- d-----w C:\Program Files\Java 2008-03-18 22:23 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-02-15 17:54 --------- d-----w C:\Documents and Settings\Bartus De Ridder\Application Data\Creative 2008-02-11 20:07 --------- d-----w C:\Program Files\AC3Filter 2008-02-11 18:25 --------- d-----w C:\Program Files\LimeWire 2008-02-06 18:06 --------- d-----w C:\Program Files\XviD 2008-02-06 18:04 --------- d-----w C:\Program Files\AVIcodec 2008-02-06 18:02 --------- d-----w C:\Program Files\GSpot 2008-01-30 19:02 --------- d-----w C:\Program Files\QuickTime 2008-01-30 16:18 222 ----a-w C:\Documents and Settings\Bartus De Ridder\Application Data\wklnhst.dat 2007-08-18 16:49 44,056 ----a-w C:\Documents and Settings\Bartus De Ridder\Application Data\GDIPFONTCACHEV1.DAT 2007-04-05 21:54 725,384 ----a-w C:\Program Files\WindowsXP-KB935448-x86-NLD.exe 2007-03-31 11:47 3,375,112 ----a-w C:\Program Files\lusetup.exe 2007-03-31 09:54 3,281,408 ----a-w C:\Program Files\SymADataWeb.msi 2007-03-30 19:25 19,755,560 ----a-w C:\Program Files\avg75free_446a965.exe 2007-03-30 19:22 13,829,120 ----a-w C:\Program Files\a2FreeSetup.exe 2007-03-30 18:15 19,994,184 ----a-w C:\Program Files\QuickTimeInstaller.exe 2007-03-30 16:18 20,933,888 ----a-w C:\Program Files\SkypeSetup.exe 2007-03-30 15:40 466,600 ----a-w C:\Program Files\msgr8uk.exe 2007-03-30 15:07 21,282 ----a-w C:\Program Files\Uninst.isu 2007-03-30 15:06 359 ----a-w C:\Program Files\cdsearch.cfg 2007-03-30 15:05 17,874,288 ----a-w C:\Program Files\Install_Messenger.exe 2007-03-30 15:02 86,016 ----a-w C:\Program Files\setupenne.dll 2007-03-30 13:30 810,384 ----a-w C:\Program Files\Google_Updater.exe 2004-03-18 12:55 14,953 ----a-w C:\Program Files\VDEN.RES 2004-03-18 12:55 14,881 ----a-w C:\Program Files\VDNE.RES 2004-03-17 16:02 2,364 ----a-w C:\Program Files\leesmij.txt 2004-03-17 13:15 1,089,024 ----a-w C:\Program Files\VDNE.exe 2004-03-17 13:15 1,089,024 ----a-w C:\Program Files\VDEN.exe 2004-03-17 12:28 280,784 ----a-w C:\Program Files\VDwin_g.res 2002-07-02 10:49 94,208 ----a-w C:\Program Files\cdutil32.dll 2002-07-01 17:55 81,920 ----a-w C:\Program Files\thsqry32.dll 2002-07-01 16:20 462,848 ----a-w C:\Program Files\cdclnt32.dll 2002-07-01 15:23 177,235 ----a-w C:\Program Files\hbserv32.dll 2002-06-25 14:32 339,968 ----a-w C:\Program Files\cdserv32.dll 2002-02-01 15:54 320,512 ----a-w C:\Program Files\gb.dll 1998-12-23 07:10 291,840 ----a-w C:\Program Files\LTKRN10N.DLL 1998-12-23 07:10 226,304 ----a-w C:\Program Files\Ltdis10n.dll 1998-12-23 07:10 102,912 ----a-w C:\Program Files\LTFIL10N.DLL 1997-11-08 15:44 233,472 ----a-w C:\Program Files\ILDA32.DLL 1997-05-15 17:07 4,590 ----a-w C:\Program Files\DOSWIN32.DAF . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21a91937-2a27-482e-bdb5-83ccc9966f5d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}] 2008-03-28 12:10 54336 --a------ C:\WINDOWS\system32\kisowfjv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B378B14-B9A2-4B99-BE09-3FE1666B4784}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51280983-BFA8-462F-93A4-4A060E047FCF}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 09:47 65536] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 14:30 68856] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 11:46 196608] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 13:32 700416] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 21:40 64512] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 16:40 118784] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 16143872 C:\WINDOWS\RTHDCPL.exe] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 10:17 1077328] "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57 53248] "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672] "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536] "Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe] "TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 15:11 28672 C:\WINDOWS\system32\TCtrlIOHook.exe] "TPSMain"="TPSMain.exe" [2005-08-11 15:14 266240 C:\WINDOWS\system32\TPSMain.exe] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 12:28 118784] "TFncKy"="TFncKy.exe" [] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728] "NDSTray.exe"="NDSTray.exe" [] "DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:33 262144] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 89541 C:\WINDOWS\agrsmmsg.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 18:11 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 10:09 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 10:03 217088] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] C:\Documents and Settings\Bartus De Ridder\Menu Start\Programma's\Opstarten\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14 59080] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-30 15:51:19 113664] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-30 14:30:41 124912] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-30 16:58:19 450560] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08 257752] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472] "{08A8068E-53D1-42B2-B197-6D568843721F}"= C:\WINDOWS\system32\tuvTMgFW.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-05-23 15:40] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49] R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 14:12] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 17:49] R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45] S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 20:15] . Inhoud van de 'Gedeelde Taken' map "2008-03-22 14:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 13:27:45 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\a-squared free\a2service.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Panda Software\Panda Antivirus 2007\ApvxdWin.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Panda Software\Panda Antivirus 2007\WebProxy.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\TPSBattM.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe . ************************************************************************** . Voltooingstijd: 2008-03-28 13:30:40 - machine was rebooted [bartus De Ridder] ComboFix-quarantined-files.txt 2008-03-28 12:30:37 Pre-Run: 15,992,160,256 bytes beschikbaar Post-Run: 15,988,002,816 bytes beschikbaar . 2008-03-19 08:38:45 --- E O F --- HijackThis Log (28/03/2008) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:32:21, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\a-squared free\a2service.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Panda Software\Panda Antivirus 2007\ApvxdWin.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Panda Software\Panda Antivirus 2007\WebProxy.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\explorer.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Panda Software\Panda Antivirus 2007\avciman.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Windows Live R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\kisowfjv.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175335457109 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 14741 bytes Bij het heropstarten kreeg ik weer aantal popups van Spybot (vraag naar toevoegen/verwijderen entries). Dit begint mij matig te irriteren. Enige suggesties? Bovendien krijg ik nu van Panda Antivirus 2008 de melding dat er Adware gedecteerd is (Adware/SpyAxe) en dat zou in de tempory internet files van local settings zitten. Maar ik kan helemaal niet tot aan die locatie geraken, want die bestaat niet...heel bizar... Bring on the suggestions
-
(ik word hier stilaan zot: elektriciteitspanne in Gent, zo'n 3 uur plat gelegen) -toen ik deze computer opstartte en IE opende, kreeg ik onmiddellijk aantal popups (uw computer is in gevaar, downloadt gratis onze software, etc), waarna Spybot telkens vroeg om gewijzigde waarden uit te voeren of te weigeren, en waarna Panda Antivirus meldde dat er spyware ontdekt was. -Spybot scan (zie attachment, zo te zien nog meer entries bij Virtumonde) -zoals gevraagd heb ik alles behalve Virtumonde verwijderd met Spybot. -ik doe nu een poging met Combofix. (Hopelijk lukt dat want ik heb echt geen zin om alles te herinstalleren)
