
Tancho

Member
  • Items: 4

Posts by Tancho

  1. ComboFix 08-04-15.4 - Frans 2008-04-16 14:32:43.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.249 [GMT 2:00]

    Started from: C:\Documents and Settings\Frans\Bureaublad\ComboFix.exe

    * New restore point was created

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\winhelp.ini

    .

    (((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))

    .

    2008-04-14 20:28 . 2008-04-14 20:29 <DIR> d-------- C:\WINDOWS\ERUNT

    2008-04-14 20:19 . 2008-04-14 20:19 <DIR> d-------- C:\SDFix

    2008-04-13 22:16 . 2008-04-13 22:16 <DIR> d-------- C:\Program Files\Trend Micro

    2008-04-13 20:58 . 2008-04-13 20:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-13 20:50 6,409,216 ----a-w C:\WINDOWS\Internet Logs\xDB4E6.tmp

    2008-04-13 20:50 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4E7.tmp

    2008-04-13 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2008-04-13 20:39 --------- d-----w C:\Program Files\SpywareBlaster

    2008-04-13 20:39 --------- d-----w C:\Program Files\Hitman Pro

    2008-04-13 20:01 40,448 ----a-w C:\WINDOWS\Internet Logs\xDB4E5.tmp

    2008-04-13 19:10 6,413,824 ----a-w C:\WINDOWS\Internet Logs\xDB4E4.tmp

    2008-04-12 19:52 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4E3.tmp

    2008-04-12 18:12 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4E2.tmp

    2008-04-11 06:55 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4E0.tmp

    2008-04-11 06:55 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4E1.tmp

    2008-04-10 15:27 6,401,024 ----a-w C:\WINDOWS\Internet Logs\xDB4DE.tmp

    2008-04-10 15:27 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB4DF.tmp

    2008-04-09 18:39 6,400,512 ----a-w C:\WINDOWS\Internet Logs\xDB4DD.tmp

    2008-04-09 07:59 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4DB.tmp

    2008-04-09 07:59 38,912 ----a-w C:\WINDOWS\Internet Logs\xDB4DC.tmp

    2008-04-08 19:14 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4DA.tmp

    2008-04-07 20:33 6,398,976 ----a-w C:\WINDOWS\Internet Logs\xDB4D9.tmp

    2008-04-05 14:02 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D8.tmp

    2008-04-05 11:08 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4D7.tmp

    2008-04-05 10:30 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D6.tmp

    2008-04-05 07:41 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D4.tmp

    2008-04-05 07:41 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB4D5.tmp

    2008-04-04 11:44 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D2.tmp

    2008-04-04 11:44 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB4D3.tmp

    2008-04-03 18:10 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4D1.tmp

    2008-04-03 15:28 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4D0.tmp

    2008-04-03 14:42 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4CF.tmp

    2008-04-02 20:05 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4CD.tmp

    2008-04-02 20:05 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB4CE.tmp

    2008-04-02 15:36 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4CC.tmp

    2008-04-02 12:17 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4CB.tmp

    2008-04-01 17:37 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C9.tmp

    2008-04-01 17:37 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB4CA.tmp

    2008-04-01 14:45 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C8.tmp

    2008-03-30 17:31 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C6.tmp

    2008-03-29 11:11 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C5.tmp

    2008-03-28 18:19 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C4.tmp

    2008-03-27 22:37 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4C3.tmp

    2008-03-27 19:21 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4C2.tmp

    2008-03-27 19:21 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB4C7.tmp

    2008-03-26 19:19 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4C1.tmp

    2008-03-26 08:48 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB4EE.tmp

    2008-03-26 08:46 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4C0.tmp

    2008-03-25 22:22 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB4BF.tmp

    2008-03-25 17:29 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4BE.tmp

    2008-03-25 07:04 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4BC.tmp

    2008-03-25 07:04 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB4BD.tmp

    2008-03-24 19:34 22,528 ----a-w C:\WINDOWS\Internet Logs\xDB4BB.tmp

    2008-03-24 19:29 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4BA.tmp

    2008-03-23 23:07 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B8.tmp

    2008-03-23 23:07 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB4B9.tmp

    2008-03-23 06:15 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB4B7.tmp

    2008-03-23 05:57 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B6.tmp

    2008-03-22 21:44 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B4.tmp

    2008-03-22 21:44 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB4B5.tmp

    2008-03-22 17:43 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B3.tmp

    2008-03-21 16:13 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B1.tmp

    2008-03-21 13:38 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB4B2.tmp

    2008-03-21 10:17 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4B0.tmp

    2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

    2008-03-19 18:48 6,395,904 ----a-w C:\WINDOWS\Internet Logs\xDB4AF.tmp

    2008-03-18 06:59 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4AD.tmp

    2008-03-18 06:59 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB4AE.tmp

    2008-03-17 20:43 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4AC.tmp

    2008-03-16 20:27 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4AB.tmp

    2008-03-15 16:26 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A9.tmp

    2008-03-15 16:26 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB4AA.tmp

    2008-03-14 21:26 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A8.tmp

    2008-03-13 19:12 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A7.tmp

    2008-03-12 15:37 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A6.tmp

    2008-03-12 14:04 6,394,880 ----a-w C:\WINDOWS\Internet Logs\xDB4A5.tmp

    2008-03-11 22:28 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A4.tmp

    2008-03-11 15:38 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A3.tmp

    2008-03-10 22:07 6,395,392 ----a-w C:\WINDOWS\Internet Logs\xDB4A2.tmp

    2008-03-09 20:56 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB4A0.tmp

    2008-03-09 20:56 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB4A1.tmp

    2008-03-09 18:51 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB49F.tmp

    2008-03-09 14:12 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB49E.tmp

    2008-03-09 14:11 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB49D.tmp

    2008-03-09 13:23 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB49B.tmp

    2008-03-09 13:23 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB49C.tmp

    2008-03-09 12:53 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB499.tmp

    2008-03-09 12:53 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB49A.tmp

    2008-03-09 09:10 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB497.tmp

    2008-03-09 09:10 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB498.tmp

    2008-03-08 19:10 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB496.tmp

    2008-03-08 11:49 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB494.tmp

    2008-03-08 11:49 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB495.tmp

    2008-03-08 08:39 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB493.tmp

    2008-03-07 22:16 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB492.tmp

    2008-03-07 16:55 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB491.tmp

    2008-03-07 14:24 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB490.tmp

    2008-03-06 21:18 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB48F.tmp

    2008-03-06 07:06 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB48D.tmp

    2008-03-06 07:06 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB48E.tmp

    2008-03-05 19:49 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB48C.tmp

    2008-03-05 18:50 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB48B.tmp

    2008-03-05 13:03 22,528 ----a-w C:\WINDOWS\Internet Logs\xDB48A.tmp

    2008-03-05 12:59 6,392,832 ----a-w C:\WINDOWS\Internet Logs\xDB489.tmp

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Note* empty entries & legitimate default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

    "HyvesKwekker"="C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" [2007-04-06 11:12 1588736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SoundMan"="SOUNDMAN.EXE" [2003-03-27 10:34 53248 C:\WINDOWS\SOUNDMAN.EXE]

    "nwiz"="nwiz.exe" [2003-11-17 11:33 753664 C:\WINDOWS\system32\nwiz.exe]

    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-02-17 17:01 693528]

    "lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 13:29 188416]

    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 15:26 299008]

    "EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 19:16 61440]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]

    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "RunNarrator"="Narrator.exe" [2004-08-04 10:03 54784 C:\WINDOWS\system32\narrator.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe"=

    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-04-07 21:48]

    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2005-09-24 17:08]

    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2005-09-24 17:08]

    R3 sm56pci;sm56pci;C:\WINDOWS\system32\DRIVERS\sm56pci.sys [1999-11-05 10:42]

    R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2005-09-24 17:24]

    S2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\A4SII300.SYS []

    S2 UMAXPCLS;Stuurprogramma voor scanner op printerpoort;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 22:58]

    S3 efipsk;efipsk;C:\DOCUME~1\josje\LOCALS~1\Temp\efipsk.sys []

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-04-15 16:00:00 C:\WINDOWS\Tasks\A4A86D389187E784.job"

    - c:\docume~1\josje\applic~1\creati~1\SHOW BIRD ABOUT.exe

    "2008-04-15 16:00:00 C:\WINDOWS\Tasks\AFB461E591841379.job"

    - c:\docume~1\frans\applic~1\creati~1\SHOW BIRD ABOUT.exe

    .

    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-16 14:36:25

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-04-16 14:37:22

    ComboFix-quarantined-files.txt 2008-04-16 12:37:07

    Pre-Run: 336,351,232 bytes free

    Post-Run: 878,186,496 bytes free

    .

    2008-04-10 15:26:13 --- E O F ---
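Two things in the ComboFix log above deserve a second look even though catchme found nothing hidden: the Security Center value "AntiVirusDisableNotify"=dword:00000001, which silences the "no antivirus is running" warning, and the two scheduled tasks with 16-character hexadecimal names that both run SHOW BIRD ABOUT.exe from a per-user Application Data folder. The script below is an added example, not part of the post or of ComboFix; it parses a ComboFix-style "Reg Loading Points" and scheduled-tasks excerpt and reports both patterns. The sample text is constructed from the log (the FirewallDisableNotify value and the "Defrag Weekly" task are invented as benign controls), and the parsing rules and the "16 hex characters" heuristic are this example's own assumptions.

```python
"""Audit of a ComboFix 'Reg Loading Points' / scheduled-tasks excerpt.

Added example, not part of the original post or of ComboFix. The sample text
is constructed from the log above; the parsing rules and the heuristic for a
random-looking task name are this example's own assumptions.
"""
import re

# Constructed sample. The FirewallDisableNotify value and the 'Defrag Weekly'
# task are invented benign controls; the rest mirrors the post.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
"HyvesKwekker"="C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" [2007-04-06 11:12 1588736]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000

Contents of the 'Scheduled Tasks' folder
"2008-04-15 16:00:00 C:\WINDOWS\Tasks\A4A86D389187E784.job"
- c:\docume~1\josje\applic~1\creati~1\SHOW BIRD ABOUT.exe
"2008-04-15 16:00:00 C:\WINDOWS\Tasks\AFB461E591841379.job"
- c:\docume~1\frans\applic~1\creati~1\SHOW BIRD ABOUT.exe
"2008-04-15 12:00:00 C:\WINDOWS\Tasks\Defrag Weekly.job"
- C:\WINDOWS\system32\defrag.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
JOB_RE = re.compile(r'^"(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<job>.+\.job)"$')
TARGET_RE = re.compile(r"^- (?P<target>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{16}$")

# Security Center values that, when set to 1, suppress its warning balloons.
NOTIFY_VALUES = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


def parse_loading_points(text):
    """Return (dword values, scheduled tasks) found in a ComboFix-style excerpt.

    dwords: list of (registry key, value name, integer value)
    jobs:   list of (.job path, command the task runs)
    """
    dwords, jobs = [], []
    key = None
    pending_job = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if m and key:
            dwords.append((key, m.group("name"), int(m.group("hex"), 16)))
            continue
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group("job")   # the target follows on the next '- ' line
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            jobs.append((pending_job, m.group("target")))
            pending_job = None
    return dwords, jobs


def audit_loading_points(text):
    """Return (category, subject, explanation) tuples worth a human's attention."""
    findings = []
    dwords, jobs = parse_loading_points(text)
    for key, name, value in dwords:
        if key.lower().endswith("\\security center") and name.lower() in NOTIFY_VALUES and value == 1:
            findings.append(("security-center", name, "Security Center warning suppressed"))
    for job, target in jobs:
        stem = job.rsplit("\\", 1)[-1][:-len(".job")]
        if HEX_NAME_RE.match(stem):
            findings.append(("task", job, "random-looking 16-hex task name runs " + target))
    return findings


if __name__ == "__main__":
    for category, subject, why in audit_loading_points(SAMPLE):
        print(f"[{category}] {subject}: {why}")
```

The .job name check is deliberately narrow: installers name their tasks after the product, so a task whose only name is a hexadecimal string is worth opening in Scheduled Tasks to see what it runs, while "Defrag Weekly" is left alone.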

  2. I followed the instructions, and here are the logs:

    SDFix: Version 1.171

    Run by Frans on Mon 14-04-2008 at 20:30

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix\SDFix

    Checking Services :

    Restoring Windows Registry Values

    Restoring Windows Default Hosts File

    Rebooting

    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\%^^%^%~1.exe - Deleted

    C:\WINDOWS\system32\^^%%%%~1.exe - Deleted

    C:\WINDOWS\mrofinu1423.exe - Deleted

    C:\Documents and Settings\Frans\real.txt - Deleted

    Removing Temp Files

    ADS Check :

    Final Check :

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-14 20:36:51

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

    "s1"=dword:5531c660

    "s2"=dword:e1098d13

    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

    "h0"=dword:00000000

    "khjeh"=hex:bb,94,54,f5,0e,bc,a1,8a,06,da,02,58,d4,26,b4,62,ff,e9,41,66,52,..

    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

    "khjeh"=hex:77,d7,9c,2c,06,94,02,ea,8e,eb,20,7a,9e,3b,c9,ca,cd,a3,2d,35,15,..

    "a0"=hex:20,01,00,00,2e,ac,89,b4,c7,17,ef,0d,da,9d,a8,3f,0e,fc,6b,f1,40,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

    "khjeh"=hex:fe,6e,a9,2a,c8,7a,56,16,02,7d,36,98,59,9a,78,79,b6,73,1e,69,30,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

    "h0"=dword:00000000

    "khjeh"=hex:bb,94,54,f5,0e,bc,a1,8a,06,da,02,58,d4,26,b4,62,ff,e9,41,66,52,..

    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

    "khjeh"=hex:77,d7,9c,2c,06,94,02,ea,8e,eb,20,7a,9e,3b,c9,ca,cd,a3,2d,35,15,..

    "a0"=hex:20,01,00,00,2e,ac,89,b4,c7,17,ef,0d,da,9d,a8,3f,0e,fc,6b,f1,40,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

    "khjeh"=hex:fe,6e,a9,2a,c8,7a,56,16,02,7d,36,98,59,9a,78,79,b6,73,1e,69,30,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0

    Remaining Services :

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "F:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat"="F:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat:*:Enabled:The Battle for Middle-earth "

    "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

    "F:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="F:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    "D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe"="D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe:*:Enabled:mcoinstall"

    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :

    File Backups: - C:\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"

    Sun 14 Mar 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

    Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

    Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8d5769ed022fab7a177db7759e6a27b\BIT3BF.tmp"

    Thu 21 Dec 2006 34,308 ...H. --- "C:\Documents and Settings\Bart\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll"

    Wed 11 Jul 2007 34,308 ...H. --- "C:\Documents and Settings\Frans\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll"

    Finished!

    -----------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:45:21, on 14-4-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

    C:\Program Files\Executive Software\Diskeeper\DkService.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Lexmark 6200 Series\lxbumon.exe

    C:\Program Files\Lexmark 6200 Series\ezprint.exe

    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

    C:\WINDOWS\vsnpstd.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\WINDOWS\system32\lxbucoms.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = StartNow's Internet Explorer Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mobstar - A dark world of money, murder and politics

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = StartNow's Internet Explorer Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = StartNow's Internet Explorer Search

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"

    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Ashampoo Magical Defrag.lnk = F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    O23 - Service: AshampooDefragService - - F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --

    End of file - 6470 bytes
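SDFix's "Authorized Application Key Export" above lists every program the XP SP2 firewall lets accept inbound connections. Each value is stored as "<path>:<scope>:<Enabled|Disabled>:<display name>", with the value name repeating the path; the entry for mcoinstall.exe, living under "Mijn ontvangen bestanden" (received files) on D:, is the one an analyst would question, since it was not put there by an installer into Program Files. The script below is an added example, not part of the post or of SDFix: it decodes that value format and flags enabled exceptions whose executable lies outside Program Files or the Windows directory. The export text is constructed from the post (shortened), and the definition of a "trusted location" is this example's own assumption.

```python
"""Audit of the Windows XP SP2 firewall AuthorizedApplications list.

Added example, not part of the original post or of SDFix. The export below is
constructed from the 'Authorized Application Key Export' in the log above; the
notion of a trusted install location is this example's own assumption.
"""
import re

# Constructed sample in .reg export style (backslashes doubled, as in the post).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe"="D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>[^"]*)"$')


def unescape(s):
    """Undo the backslash doubling of a .reg export."""
    return s.replace("\\\\", "\\")


def parse_export(text):
    """Return one dict per firewall exception: profile, path, scope, enabled, name."""
    entries = []
    profile = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            if "\\standardprofile\\" in key:
                profile = "standard"
            elif "\\domainprofile\\" in key:
                profile = "domain"
            else:
                profile = None
            continue
        m = VALUE_RE.match(line)
        if not m or profile is None:
            continue
        path = unescape(m.group("name"))
        data = unescape(m.group("data"))
        # The path may contain ':' (drive letter), so peel it off using the
        # value name, which XP keeps identical to the path inside the data.
        parts = data[len(path) + 1:].split(":", 2) if data.startswith(path + ":") else []
        if len(parts) != 3:
            entries.append({"profile": profile, "path": path, "scope": None,
                            "enabled": None, "name": None, "malformed": True})
            continue
        scope, state, name = parts
        entries.append({"profile": profile, "path": path, "scope": scope,
                        "enabled": state.lower() == "enabled", "name": name,
                        "malformed": False})
    return entries


def is_trusted_location(path):
    """Assumption: installers put executables under %windir% or Program Files."""
    p = path.lower()
    return (p.startswith("%windir%\\") or p.startswith("c:\\windows\\")
            or re.match(r"^[a-z]:\\program files\\", p) is not None)


def audit_exceptions(entries):
    """Return (path, explanation) for exceptions that deserve a human's attention."""
    findings = []
    for e in entries:
        if e["malformed"]:
            findings.append((e["path"], "value name and data path disagree"))
        elif e["enabled"] and not is_trusted_location(e["path"]):
            findings.append((e["path"], "enabled exception outside Program Files/Windows, "
                                        "remote scope " + e["scope"]))
    return findings


if __name__ == "__main__":
    for path, why in audit_exceptions(parse_export(SAMPLE_EXPORT)):
        print(f"{path}: {why}")
```

A scope of "*" means the exception accepts connections from any remote address, which is why an enabled rule for an executable in a download folder matters more than the same rule for a game under Program Files.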

  3. Hello, I have picked up an MSN virus by clicking on a link to a photo. I have already found out that I am not the only one, and I have already made a HijackThis log:

    Can you help me?

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 22:17:14, on 13-4-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

    C:\Program Files\Executive Software\Diskeeper\DkService.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Lexmark 6200 Series\lxbumon.exe

    C:\Program Files\Lexmark 6200 Series\ezprint.exe

    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

    C:\WINDOWS\vsnpstd.exe

    C:\WINDOWS\mrofinu1423.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe

    C:\WINDOWS\system32\lxbucoms.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = StartNow's Internet Explorer Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mobstar - A dark world of money, murder and politics

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = StartNow's Internet Explorer Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = StartNow's Internet Explorer Search

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - Default URLSearchHook is missing

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe

    O2 - BHO: PopThis! BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {14922705-B322-21AD-45D9-66E1038AC291} - C:\DOCUME~1\josje\APPLIC~1\GPLELS~1\PILECURB.exe (file missing)

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"

    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"

    O4 - HKLM\..\Run: [okaysoftwarenounbold] C:\Documents and Settings\All Users\Application Data\eggs road okay software\InsidePeak.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

    O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe

    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Two Axis] C:\DOCUME~1\Frans\APPLIC~1\CREATI~1\Date Blue.exe

    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

    O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Frans\Local Settings\Temp\{7C98C270-A011-4BC8-9BEC-F3AD96DD5BC0}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE

    O4 - Startup: PowerReg Scheduler.exe

    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O4 - Global Startup: Ashampoo Magical Defrag.lnk = F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

    O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)

    O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    O23 - Service: AshampooDefragService - - F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --

    End of file - 8295 bytes
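The infected log above shows the handful of patterns an analyst reads a HijackThis log for: an F2 UserInit line with a second executable appended after userinit.exe (it runs at every logon, for every user), an O4 Run entry whose file name is nothing but spaces and %^ characters, a Run entry launching mrofinu1423.exe with a long hexadecimal argument, BHO and Run entries pointing into Application Data or Temp, and an O2 BHO whose file is already missing. The script below is an added example, not part of the post or of HijackThis: it parses lines in the "Nn - body" format and applies those checks. The sample log is constructed from the post (paths shortened) with two legitimate lines kept as controls, and the heuristics are this example's own assumptions.

```python
"""Triage of HijackThis v2 log lines.

Added example, not part of the original post or of HijackThis. The sample log
is constructed from the infected log above; the entry-type handling and the
heuristics are this example's own assumptions.
"""
import re

# Constructed sample modelled on the post above (paths shortened).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe
O2 - BHO: (no name) - {14922705-B322-21AD-45D9-66E1038AC291} - C:\DOCUME~1\josje\APPLIC~1\GPLELS~1\PILECURB.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [okaysoftwarenounbold] C:\Documents and Settings\All Users\Application Data\eggs road okay software\InsidePeak.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Two Axis] C:\DOCUME~1\Frans\APPLIC~1\CREATI~1\Date Blue.exe
O4 - Startup: Team Sabre Registration.lnk = C:\Documents and Settings\Frans\Local Settings\Temp\{7C98C270-A011-4BC8-9BEC-F3AD96DD5BC0}\NOVG.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis line is "<type> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Directories from which legitimate autostarts almost never run on XP
# (8.3 short forms included, because HijackThis prints them that way).
SUSPICIOUS_DIRS = ("\\temp\\", "\\application data\\", "\\applic~1\\", "\\locals~1\\")


def parse_line(line):
    """Split one log line into its entry type and body, or None if not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"kind": m.group("kind"), "body": m.group("body"), "raw": line.strip()}


def triage_entry(entry):
    """Return the reasons an entry deserves attention (empty list = looks benign)."""
    kind, lower = entry["kind"], entry["body"].lower()
    reasons = []
    if kind == "F2" and "userinit=" in lower:
        # UserInit is comma-separated; anything after userinit.exe runs at every logon.
        targets = lower.split("userinit=", 1)[1].split(",")
        extra = [t.strip() for t in targets[1:] if t.strip()]
        if extra:
            reasons.append("extra UserInit target(s): " + "; ".join(extra))
    if kind == "O2":
        if "(file missing)" in lower:
            reasons.append("BHO registered for a file that no longer exists")
        if any(d in lower for d in SUSPICIOUS_DIRS):
            reasons.append("BHO loaded from a per-user data directory")
    if kind in ("O4", "F2"):
        if re.search(r"[\\/]\s*[%^\s]+\.exe", lower):
            reasons.append("executable name made only of whitespace and %^ characters")
        if re.search(r"\.exe\s+[0-9a-f]{32,}\s*$", lower):
            reasons.append("long hex token passed on the command line")
        if any(d in lower for d in SUSPICIOUS_DIRS):
            reasons.append("autostart from a temp or per-user data directory")
    return reasons


def triage(log_text):
    """Return (kind, raw line, reasons) for every entry with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            findings.append((entry["kind"], entry["raw"], reasons))
    return findings


if __name__ == "__main__":
    for kind, raw, reasons in triage(SAMPLE_LOG):
        print(kind, raw)
        for r in reasons:
            print("   -", r)
```

The checks are deliberately structural (where the file lives, what the name looks like, what is appended to a known-good command) rather than a list of bad file names, which is why the same rules catch both the whitespace-named executable and the PILECURB.exe BHO without knowing either in advance; the two control lines (the Java BHO and the ZoneAlarm Run entry) produce no findings.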
