ruskic

Member
  • Items

    70
Everything posted by ruskic

  1. Hi Xeno, herewith I'm sending you what you asked for.
  2. And a very fresh HJT log
  3. Hello Xeno, I don't have the CD at home. By the way, my version is legally registered via the internet. Here is the RVAXO log: ---RVAXO.exe Updated: 2008-05-21---first run--- Uninstallers: Files found: C:\WINDOWS\BM47406f4e.txt C:\WINDOWS\system32\clkcnt.txt Folders Found: Hosts-file was reset, If you use a custom hosts file please replace it... --------------RVAXO.exe last run--------------- Not deleted items: --------------RVAXO.exe finished---------------- The CF log: ComboFix 08-05-21.3 - Drago 2008-05-23 15:23:51.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.372 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Drago\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\tjgkhooj.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))) . 2008-05-22 22:34 . 2008-05-23 15:14 <DIR> d-------- C:\RVAXO 2008-05-22 22:31 . 2008-05-21 12:16 826,539 --a------ C:\WINDOWS\system32\RVAXO.bat 2008-05-22 22:31 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe 2008-05-22 22:28 . 2008-05-22 22:29 <DIR> d-------- C:\12345 2008-05-22 22:28 . 2008-04-25 20:50 582 --a------ C:\WINDOWS\win.tmp 2008-05-22 22:28 . 2008-05-23 15:29 227 --a------ C:\WINDOWS\system.tmp 2008-05-19 19:48 . 2008-05-19 19:48 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Malwarebytes 2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-19 19:47 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-19 19:47 . 
2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-19 18:31 . 2008-05-23 15:23 <DIR> d-------- C:\quarantine 2008-05-18 16:45 . 2008-05-18 16:45 <DIR> d-------- C:\WINDOWS\ERUNT 2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Uniblue 2008-05-18 11:49 . 2008-05-18 11:49 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-18 05:26 . 2008-05-18 05:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-18 05:10 . 2008-05-19 21:56 5,016 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-18 05:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-18 05:07 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-18 05:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-18 05:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-18 04:06 . 2008-05-22 22:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-18 03:36 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2008-05-18 03:36 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2008-05-18 03:35 . 2008-05-18 04:03 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Tools 2008-05-18 01:40 . 2008-05-18 01:40 16,128 --a------ C:\WINDOWS\rundll32.vbe 2008-05-18 01:20 . 2004-09-02 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Suite 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Nokia 2008-05-14 13:12 . 
2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-05-14 13:11 . 2008-05-14 13:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-05-14 13:11 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Nokia 2008-05-14 13:11 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-05-14 13:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-05-14 13:10 . 2008-05-14 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-05-13 12:48 . 2008-05-13 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-04-26 09:10 . 2008-04-26 09:10 <DIR> d-------- C:\Program Files\LimeWire 2008-04-26 09:10 . 2008-05-08 06:30 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\LimeWire 2008-04-25 20:00 . 2008-04-25 20:00 <DIR> d-------- C:\Program Files\Microsoft Works 2008-04-25 19:59 . 2008-04-25 19:59 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-04-25 19:55 . 2008-04-25 19:59 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-04-25 19:55 . 2008-04-25 19:55 <DIR> dr-h----- C:\MSOCache 2008-04-25 19:55 . 2008-05-15 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys 2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-21 20:37 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-05-18 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-17 23:18 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-14 11:11 --------- d-----w C:\Program Files\DIFX 2008-04-21 19:46 --------- d-----w C:\Program Files\vanBasco's Karaoke Player 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168] 
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 13:11 73728] "TFncKy"="TFncKy.exe" [] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848] "00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 13:02 253952] "000StTHK"="000StTHK.exe" [2001-06-23 05:28 24576 C:\WINDOWS\system32\000StTHK.exe] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-02-19 02:24 196608] "Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-08-11 16:37 1093712] "NDSTray.exe"="NDSTray.exe" [] "TPSMain"="TPSMain.exe" [2005-07-06 15:04 266240 C:\WINDOWS\system32\TPSMain.exe] "TPSODDCtl"="TPSODDCtl.exe" [2005-07-06 15:04 102400 C:\WINDOWS\system32\TPSODDCtl.exe] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327] "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 13:29 102400] "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] 
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-02-19 00:31:33 65536] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-19 04:59:25 122880] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\BitTornado\\btdownloadgui.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2008-02-18 20:19] R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-07-11 18:01] R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18] R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2008-02-19 00:20] S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53] S3 PLUsbbc2;High-Speed USB Bridge Cable 
Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54] *Newly Created Service* - CATCHME *Newly Created Service* - ENTDRV51 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-23 15:29:06 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Action Script] "ImagePath"="\"\"" . Voltooingstijd: 2008-05-23 15:30:46 ComboFix-quarantined-files.txt 2008-05-23 13:30:41 ComboFix2.txt 2008-05-22 20:24:17 Pre-Run: 59,450,867,712 bytes beschikbaar Post-Run: 59,443,294,208 bytes beschikbaar 167 --- E O F --- 2008-05-21 20:37:46
  4. Hello Xeno, I'm glad that you will help me, since I'll accept any form of help. I'm now downloading ComboFix again and have reached the step where I also have to download the XP Recovery Console. I have a small problem, though: the Recovery Console download only applies to XP Home Edition and XP Professional. I have Service Pack 2 Media Centre Edition, so which one should I take?
  5. Dear Kape, I had CWShredder run a scan but it found nothing. Here is the CF log: ComboFix 08-05-15.3 - Drago 2008-05-22 17:28:56.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.399 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Drago\Bureaublad\12345.exe Command switches used :: C:\Documents and Settings\Drago\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))) . 2008-05-21 21:10 . 2008-05-21 21:11 227 --a------ C:\WINDOWS\system.tmp 2008-05-19 21:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-19 21:55 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-19 21:55 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-19 21:55 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-19 20:38 . 2008-04-25 20:50 582 --a------ C:\WINDOWS\win.tmp 2008-05-19 19:48 . 2008-05-19 19:48 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Malwarebytes 2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-19 19:47 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-19 19:47 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-19 18:31 . 2008-05-22 17:28 <DIR> d-------- C:\quarantine 2008-05-19 18:30 . 2008-05-19 18:30 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-18 16:45 . 2008-05-18 16:45 <DIR> d-------- C:\WINDOWS\ERUNT 2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Uniblue 2008-05-18 11:49 . 
2008-05-18 11:49 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-18 05:26 . 2008-05-18 05:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-18 05:10 . 2008-05-19 21:56 5,016 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-18 05:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-18 05:07 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-18 05:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-18 05:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-18 04:06 . 2008-05-21 22:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-18 03:36 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2008-05-18 03:36 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2008-05-18 03:35 . 2008-05-18 04:03 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Tools 2008-05-18 01:40 . 2008-05-18 01:40 16,128 --a------ C:\WINDOWS\rundll32.vbe 2008-05-18 01:20 . 2004-09-02 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Suite 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Nokia 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-05-14 13:11 . 2008-05-14 13:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-05-14 13:11 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Nokia 2008-05-14 13:11 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-05-14 13:11 . 
2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-05-14 13:10 . 2008-05-14 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-05-13 12:48 . 2008-05-13 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-04-26 09:10 . 2008-04-26 09:10 <DIR> d-------- C:\Program Files\LimeWire 2008-04-26 09:10 . 2008-05-08 06:30 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\LimeWire 2008-04-25 20:00 . 2008-04-25 20:00 <DIR> d-------- C:\Program Files\Microsoft Works 2008-04-25 19:59 . 2008-04-25 19:59 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-04-25 19:55 . 2008-04-25 19:59 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-04-25 19:55 . 2008-04-25 19:55 <DIR> dr-h----- C:\MSOCache 2008-04-25 19:55 . 2008-05-15 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys 2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-21 20:37 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-05-18 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-17 23:18 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-14 11:11 --------- d-----w C:\Program Files\DIFX 2008-04-21 19:46 --------- d-----w C:\Program Files\vanBasco's Karaoke Player 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((( snapshot@2008-05-19_20.36.10.07 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-19 18:33:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-22 15:20:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" 
[2004-09-02 13:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 13:11 73728] "TFncKy"="TFncKy.exe" [] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848] "00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 13:02 253952] "000StTHK"="000StTHK.exe" [2001-06-23 05:28 24576 C:\WINDOWS\system32\000StTHK.exe] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-02-19 02:24 196608] "Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-08-11 16:37 1093712] "NDSTray.exe"="NDSTray.exe" [] "TPSMain"="TPSMain.exe" [2005-07-06 15:04 266240 C:\WINDOWS\system32\TPSMain.exe] "TPSODDCtl"="TPSODDCtl.exe" [2005-07-06 15:04 102400 C:\WINDOWS\system32\TPSODDCtl.exe] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327] "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 13:29 102400] "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514] "Adobe Reader 
Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-02-19 00:31:33 65536] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-19 04:59:25 122880] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnLBTM] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\BitTornado\\btdownloadgui.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2008-02-18 20:19] R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-07-11 18:01] R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys 
[2004-05-17 16:18] R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2008-02-19 00:20] S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54] *Newly Created Service* - ENTDRV51 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-22 17:32:32 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Action Script] "ImagePath"="\"\"" . 
Voltooingstijd: 2008-05-22 17:34:03 ComboFix-quarantined-files.txt 2008-05-22 15:33:56 ComboFix2.txt 2008-05-21 19:13:19 ComboFix3.txt 2008-05-20 20:22:26 ComboFix4.txt 2008-05-19 18:37:11 ComboFix5.txt 2008-05-19 16:55:49 Pre-Run: 58,050,564,096 bytes beschikbaar Post-Run: 58,041,970,688 bytes beschikbaar 173 --- E O F --- 2008-05-21 20:37:46 HIJACK THIS log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:07:52, on 22-05-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program 
Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Planet - Planet Homepage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365513121
O17 - HKLM\System\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer = 195.121.1.34,195.121.1.66
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

-- End of file - 11287 bytes
  6. Hi Kape, I am now working with CWS; what exactly should I tick? - move cws files found to the recycle bin instead of deleting them? And should I then just do scan only, or the fix?
  7. Dear Kape, I have done everything up to HijackThis, but now I am stuck, because HijackThis does not find the 02-BHO..... entries, though it does find 020, 023. What now?
  8. Hello, I see a lot of improvement: the blue screen is gone, the laptop has become faster, and that yellow triangle is gone too.

SmitFraudFix v2.320

Scan done at 21:56:05,09, 19-05-2008
Run from C:\Documents and Settings\Drago\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\accesss.exe Deleted
C:\WINDOWS\astctl32.ocx Deleted
C:\WINDOWS\clrssn.exe Deleted
C:\WINDOWS\cpan.dll Deleted
C:\WINDOWS\olehelp.exe Deleted
C:\WINDOWS\systeem.exe Deleted
C:\WINDOWS\systemcritical.exe Deleted
C:\WINDOWS\time.exe Deleted
C:\WINDOWS\users32.exe Deleted
C:\WINDOWS\waol.exe Deleted
C:\WINDOWS\win32e.exe Deleted
C:\WINDOWS\win64.exe Deleted
C:\WINDOWS\winajbm.dll Deleted
C:\WINDOWS\winmgnt.exe Deleted
C:\WINDOWS\xplugin.dll Deleted
C:\WINDOWS\xxxvideo.hta Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{25FF1799-59F5-40F9-8FA8-9EBC396963CE}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer=195.121.1.34,195.121.1.66
HKLM\SYSTEM\CS1\Services\Tcpip\..\{25FF1799-59F5-40F9-8FA8-9EBC396963CE}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer=195.121.1.34,195.121.1.66
HKLM\SYSTEM\CS2\Services\Tcpip\..\{25FF1799-59F5-40F9-8FA8-9EBC396963CE}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer=195.121.1.34,195.121.1.66
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
  9. ComboFix log

ComboFix 08-05-15.3 - Drago 2008-05-19 20:25:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.397 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Drago\Bureaublad\12345.exe
Command switches used :: C:\Documents and Settings\Drago\Bureaublad\CFScript.txt..txt
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::
C:\WINDOWS\avpcc.dll
C:\WINDOWS\BM47406f4e.xml
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\system32\hgGyaxur.dll
C:\WINDOWS\system32\mrcotvbj.dll
C:\WINDOWS\system32\opnnLBTM.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\umvcrvap.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\xrylqaub.dll
C:\WINDOWS\win.tmp
C:\WINDOWS\window.exe
C:\WINDOWS\x.exe
C:\WINDOWS\y.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\backups.zip
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\VIRUSfighter
C:\VIRUSfighter\Bin\Npipe.dll
C:\VIRUSfighter\Bin\NupdEx.dll
C:\VIRUSfighter\Bin\Zanda.exe
C:\WINDOWS\avpcc.dll
C:\WINDOWS\BM47406f4e.xml
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\system32\hgGyaxur.dll
C:\WINDOWS\system32\mrcotvbj.dll
C:\WINDOWS\system32\opnnLBTM.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\ruxayGgh.ini
C:\WINDOWS\system32\umvcrvap.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\win.tmp
C:\WINDOWS\window.exe
C:\WINDOWS\x.exe
C:\WINDOWS\y.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))
.
2008-05-19 19:48 . 2008-05-19 19:48 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Malwarebytes
2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-19 19:47 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-19 19:47 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-19 19:34 . 2008-05-19 20:14 114,688 --------- C:\WINDOWS\system32\kjsthmde.dll
2008-05-19 19:31 . 2008-05-19 19:31 134,656 --a------ C:\WINDOWS\system32\fcqewsjn.dll
2008-05-19 19:28 . 2008-05-19 19:28 114,688 --a------ C:\WINDOWS\system32\snrxkrrb.dll
2008-05-19 19:25 . 2008-05-19 20:14 124,928 --------- C:\WINDOWS\system32\suvljmxy.dll
2008-05-19 19:25 . 2008-05-19 19:25 2,560 --a------ C:\WINDOWS\system32\mucgvwwn.exe
2008-05-19 19:11 . 2008-05-19 20:14 114,688 --------- C:\WINDOWS\system32\osxvomqc.dll
2008-05-19 19:08 . 2008-05-19 19:08 134,656 --a------ C:\WINDOWS\system32\hjoehvnk.dll
2008-05-19 19:06 . 2008-05-19 19:06 2,560 --a------ C:\WINDOWS\system32\llmanoqj.exe
2008-05-19 19:03 . 2008-05-19 19:03 124,928 --a------ C:\WINDOWS\system32\eugbgtos.dll
2008-05-19 18:52 . 2008-05-19 19:05 414 ---hs---- C:\WINDOWS\system32\buaqlyrx.ini
2008-05-19 18:31 . 2008-05-19 20:25 <DIR> d-------- C:\quarantine
2008-05-19 18:30 . 2008-05-19 18:30 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-18 16:45 . 2008-05-18 16:45 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Uniblue
2008-05-18 11:49 . 2008-05-18 11:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-18 05:26 . 2008-05-18 05:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-18 05:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-18 05:07 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-18 05:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-18 05:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-18 04:06 . 2008-05-19 20:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 03:57 . 2008-05-19 18:50 227 --a------ C:\WINDOWS\system.tmp
2008-05-18 03:36 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-05-18 03:36 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-05-18 03:35 . 2008-05-18 04:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Tools
2008-05-18 01:40 . 2008-05-18 01:40 16,128 --a------ C:\WINDOWS\rundll32.vbe
2008-05-18 01:20 . 2004-09-02 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-18 01:19 . 2008-05-18 01:19 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Suite
2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Nokia
2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-14 13:11 . 2008-05-14 13:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-14 13:11 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Nokia
2008-05-14 13:11 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-14 13:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-14 13:10 . 2008-05-14 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-13 12:48 . 2008-05-13 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-26 09:10 . 2008-04-26 09:10 <DIR> d-------- C:\Program Files\LimeWire
2008-04-26 09:10 . 2008-05-08 06:30 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\LimeWire
2008-04-25 20:00 . 2008-04-25 20:00 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-25 19:59 . 2008-04-25 19:59 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-25 19:55 . 2008-04-25 19:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-25 19:55 . 2008-04-25 19:55 <DIR> dr-h----- C:\MSOCache
2008-04-25 19:55 . 2008-05-15 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-21 21:46 . 2008-04-21 21:46 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 23:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-14 11:11 --------- d-----w C:\Program Files\DIFX
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 13:28 --------- d-----w C:\Program Files\Java
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 12:10 --------- d-----w C:\Program Files\Common Files\Java
2008-03-19 11:45 --------- d-----w C:\Documents and Settings\Drago\Application Data\Photodex
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 00:24 87,865 ----a-w C:\WINDOWS\system32\Vxdif.dll
2008-02-19 00:08 21,393 ----a-w C:\WINDOWS\AegisP.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8816ebc8-551d-48c5-9239-0d603747ee94}]
2008-05-19 19:31 134656 --a------ C:\WINDOWS\system32\fcqewsjn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"TFncKy"="TFncKy.exe" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 13:02 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 05:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-02-19 02:24 196608]
"Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-08-11 16:37 1093712]
"NDSTray.exe"="NDSTray.exe" []
"TPSMain"="TPSMain.exe" [2005-07-06 15:04 266240 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-07-06 15:04 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 13:29 102400]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-02-19 00:31:33 65536]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-19 04:59:25 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnLBTM]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2008-02-18 20:19]
R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-07-11 18:01]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]
R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2008-02-19 00:20]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54]

*Newly Created Service* - ENTDRV51
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 20:34:41
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Action Script]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Voltooingstijd: 2008-05-19 20:37:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 18:36:52
ComboFix2.txt 2008-05-19 16:55:49

Pre-Run: 58,158,592,000 bytes beschikbaar
Post-Run: 58,148,769,792 bytes beschikbaar

363 --- E O F --- 2008-05-16 21:45:13

--- HijackThis log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:40, on 19-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Planet - Planet Homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {49ee7473-06d0-9329-5c84-d1558cbe6188} - {8816ebc8-551d-48c5-9239-0d603747ee94} - C:\WINDOWS\system32\fcqewsjn.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365513121
O17 - HKLM\System\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer = 195.121.1.34,195.121.1.66
O20 - Winlogon Notify: opnnLBTM - C:\WINDOWS\
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program
Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing) O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\ O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11561 bytes
  10. I'm working with ComboFix again now. May I ask how bad the state of my laptop is? And are you fairly confident that you can repair it?
  11. Log from Malwarebytes:
  12. ComboFix 08-05-15.3 - Drago 2008-05-19 18:31:35.1 - NTFSx86
  13. I have good news: that malware program wouldn't run either, until I changed the name of the programs to my own name. Then it ran. And I figured maybe that works for ComboFix too, and I was right. I'm now going to carry out the steps meant for ComboFix.
  14. Nope, this doesn't work either. I also tried downloading ComboFix from other sites, but it won't allow it; on every site it says: "this page cannot be displayed". Whereas on the other laptop it does work.
  15. I understand everything you're saying, but the laptop isn't doing its thing. Would it perhaps be wiser to start it in safe mode and try again, because this is really getting nowhere. I have already tried several times to click on that little icon with the white cross, but not a single window opens. And the virus scanner is off :S
  16. Yes, I don't know what I have to do to turn off the virus scanner. Disable it or not? I have turned off the virus scanner's on-access scan. When I click on your link it still does nothing. Again it says "page cannot be displayed". I right-clicked on the ComboFix icon that I put on it via the USB stick, and then clicked on "extract files here". Then a new folder appeared on the desktop with all sorts of files in it. There is one small ComboFix file, but it is 1 KB in size :S I clicked on it anyway and a message came up: "You are trying to open a file of the type System file (.sys). Such files are used by the operating system and various programs. Editing or modifying these files can have harmful consequences for your system. Click Open with... if you still want to open this file. Otherwise click Cancel". Then I clicked on Open with, and now it wants to search for a program with which it can open that file. This isn't right; I think I'm doing something wrong after all.
  17. ik had combofix trouwens via de andere laptop gedownload en op de usb stick gezet en meteen op bureaublad geplaatst. als ik via mijn laptop op jouw link klik krijg ik dit; http://i32.tinypic.com/2d83r03.jpg
  18. Ik heb de combofix van je link gedownload rechtstreeks naar m'n bureau blad. Er is geen map alleen een pictogram met een rood rondje en een wit kruis erin. Als ik erop klik doet de laptop helemaal niks. hij opent hem niet eens :S
  19. Dear Kape, thanks for your quick reply. I have done everything you asked of me. Only, I did not manage to delete that bold-printed file xwusuhzh.exe from the system32 folder. Here is the SDFix report:
SDFix: Version 1.183 Run by Drago on 18-05-2008 at 17:09 Microsoft Windows XP [versie 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default Desktop Wallpaper Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\x.exe - Deleted C:\WINDOWS\y.exe - Deleted C:\WINDOWS\default.htm - Deleted C:\WINDOWS\explore.exe - Deleted C:\WINDOWS\explorer32.exe - Deleted C:\WINDOWS\iexplorer.exe - Deleted C:\WINDOWS\internet.exe - Deleted C:\WINDOWS\loader.exe - Deleted C:\WINDOWS\svchost32.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 17:23:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys] @="driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\clbdriver.sys] @="driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037a2ca005] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver] "start"=dword:00000001 "type"=dword:00000001 "imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\clbdriver.sys] @="driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\clbdriver.sys] @="driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037a2ca005] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\clbdriver] "start"=dword:00000001 "type"=dword:00000001 "imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys" scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\clbImageData] "affid"="7" "subid"="run04" "control"=hex:1a,00,15,13,07,11,18,1f,14,0a,49,09,4b,1a,09,50,11,e5,f5 "prov"="10010" "googleadserver"="pagead2.googlesyndication.com" "flagged"=dword:00000001 scanning hidden files ... 
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes executable C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes executable C:\WINDOWS\system32\drivers\clbdriver.sys 6656 bytes executable C:\WINDOWS\system32\dllcache\clb.dll 11264 bytes executable C:\WINDOWS\system32\dllcache\clbcatex.dll 110080 bytes executable C:\WINDOWS\system32\dllcache\clbcatq.dll 498688 bytes executable C:\WINDOWS\system32\clb.dll 11264 bytes executable C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable C:\WINDOWS\system32\clbdll.dll 31560 bytes executable C:\WINDOWS\system32\clbinit.dll 1695 bytes C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes executable C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes executable scan completed successfully hidden processes: 0 hidden services: 1 hidden files: 13 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup" 
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : C:\WINDOWS\x.exe Found C:\WINDOWS\y.exe Found C:\WINDOWS\default.htm Found C:\WINDOWS\explore.exe Found C:\WINDOWS\explorer32.exe Found C:\WINDOWS\iexplorer.exe Found C:\WINDOWS\internet.exe Found C:\WINDOWS\loader.exe Found C:\WINDOWS\svchost32.exe Found File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 18 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a282fd7b00204b775909f4664bd74484\BIT4.tmp" Sun 18 May 2008 5,686 A.SH. --- "C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE1.tmp" Sun 18 May 2008 5,940 A.SH. --- "C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE2.tmp" Finished! 
And here is a new HJT log (I just made it, so after the 'do only a systemscan'):
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:53:07, on 18-05-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\VIRUSfighter\Bin\Zanda.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\xwusuhzh.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\00THotkey.exe C:\Program 
Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe, O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - 
HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - 
HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [44735cd2] rundll32.exe "C:\WINDOWS\system32\xrylqaub.dll",b O4 - HKLM\..\Run: [bM47406f4e] Rundll32.exe "C:\WINDOWS\system32\mrcotvbj.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth Monitor.lnk = ? 
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365513121 O17 - HKLM\System\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer = 195.121.1.34,195.121.1.66 O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. 
- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing) O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11022 bytes
Furthermore, I have been troubled all day by this desktop background: (image on TinyPic). I hope to hear from you again soon.
  20. Good afternoon, last night when I wanted to install the program Adobe Photoshop CS3, my internet suddenly dropped out. And messages about spyware appeared. My desktop background is now blue and it says 'your computer has been taken over by spyware, click here to ...'. I tried to reach the forum hijackthis.nl from my own laptop, but apparently there is a virus that blocks the site hijackthis.nl. The rest of the sites work, except for sites against malware and spyware and similar viruses. I also tried to download Trend Micro HijackThis, but it wouldn't allow that either. I 'cleaned' my laptop with ATF-Cleaner and SmitFraudFix, but SFF says that it could not remove all files. My laptop runs on two processors, you see. And apparently, because of those two processors, it cannot clean everything. I bought the official version of Spyware Doctor and it also cleans the laptop, except for that one file. I am typing this message on my other laptop, which also has several trojans, but that aside. Edit: I just downloaded HijackThis onto a USB stick and then put it in the laptop.
And now I do have a log file for you:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:50:23, on 18-05-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\VIRUSfighter\Bin\Zanda.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\xwusuhzh.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\VIRUSfighter\bin\NJEEVES.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe 
C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\VIRUSfighter\bin\ZLH.EXE C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe, O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] 
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program 
Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth Monitor.lnk = ? 
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365513121 O17 - HKLM\System\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer = 195.121.1.34,195.121.1.66 O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. 
- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10677 bytes
I really hope someone can help me; I have so many things on my laptop that I need for my work.