ruskic
-
Items
84 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door ruskic
-
ComboFix 08-05-15.3 - Drago 2008-05-19 18:31:35.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.357 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Drago\Bureaublad\12345.exe * Resident AV is active WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\default.htm C:\WINDOWS\explore.exe C:\WINDOWS\iexplorer.exe C:\WINDOWS\pskt.ini C:\WINDOWS\system32\buaqlyrx.ini C:\WINDOWS\system32\clbdll.dll C:\WINDOWS\system32\clbinit.dll C:\WINDOWS\system32\cqiaalwa.exe C:\WINDOWS\system32\drivers\clbdriver.sys C:\WINDOWS\system32\joohkgjt.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\ruxayGgh.ini C:\WINDOWS\system32\ruxayGgh.ini2 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CLBDRIVER (((((((((((((((((((( Bestanden Gemaakt van 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))) . 2008-05-19 18:51 . 2008-05-19 18:52 1,918 --a------ C:\WINDOWS\default.htm 2008-05-19 18:31 . 2008-05-19 18:31 <DIR> d-------- C:\quarantine 2008-05-19 18:30 . 2008-05-19 18:30 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-18 19:24 . 2008-05-18 19:24 32,000 --a------ C:\WINDOWS\msupdate.exe 2008-05-18 19:24 . 2008-05-18 19:24 21,504 --a------ C:\WINDOWS\notepad32.exe 2008-05-18 19:24 . 2008-05-18 19:24 20,736 --a------ C:\WINDOWS\svchost32.exe 2008-05-18 19:24 . 2008-05-18 19:24 15,360 --a------ C:\WINDOWS\window.exe 2008-05-18 17:25 . 2008-05-18 17:25 32,000 --a------ C:\WINDOWS\explorer32.exe 2008-05-18 17:25 . 2008-05-18 19:22 22,016 --a------ C:\WINDOWS\internet.exe 2008-05-18 17:25 . 2008-05-18 17:25 18,688 --a------ C:\WINDOWS\loader.exe 2008-05-18 17:25 . 2008-05-18 17:25 12,288 --a------ C:\WINDOWS\x.exe 2008-05-18 17:25 . 2008-05-18 17:25 11,520 --a------ C:\WINDOWS\y.exe 2008-05-18 16:45 . 2008-05-18 16:45 <DIR> d-------- C:\WINDOWS\ERUNT 2008-05-18 16:40 . 2008-05-18 17:25 <DIR> d-------- C:\SDFix 2008-05-18 16:33 . 2008-05-18 19:22 30,208 --a------ C:\WINDOWS\msconfd.dll 2008-05-18 16:33 . 2008-05-18 19:22 25,600 --a------ C:\WINDOWS\rundll16.exe 2008-05-18 16:33 . 2008-05-18 19:22 20,992 --a------ C:\WINDOWS\iedll.exe 2008-05-18 16:33 . 2008-05-18 19:22 14,080 --a------ C:\WINDOWS\quicken.exe 2008-05-18 16:33 . 2008-05-18 19:22 11,520 --a------ C:\WINDOWS\mssys.exe 2008-05-18 16:33 . 2008-05-18 19:22 8,704 --a------ C:\WINDOWS\editpad.exe 2008-05-18 14:47 . 2008-05-18 14:47 133,120 --a------ C:\WINDOWS\system32\umvcrvap.dll 2008-05-18 14:46 . 2008-05-18 14:46 117,248 --a------ C:\WINDOWS\system32\xrylqaub.dll 2008-05-18 14:44 . 2008-05-19 17:28 109,807 --a------ C:\WINDOWS\BM47406f4e.xml 2008-05-18 14:43 . 2008-05-18 14:43 124,928 --a------ C:\WINDOWS\system32\mrcotvbj.dll 2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Uniblue 2008-05-18 11:49 . 2008-05-18 11:49 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-18 11:43 . 2008-05-18 11:43 31,232 --a------ C:\WINDOWS\avpcc.dll 2008-05-18 11:43 . 2008-05-18 11:43 28,672 --a------ C:\WINDOWS\sistem.exe 2008-05-18 11:43 . 2008-05-18 11:43 27,136 --a------ C:\WINDOWS\mtwirl32.dll 2008-05-18 11:43 . 2008-05-18 11:43 20,736 --a------ C:\WINDOWS\ctrlpan.dll 2008-05-18 05:26 . 2008-05-18 05:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-18 05:07 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-18 05:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-18 05:07 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-18 05:07 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-18 05:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-18 05:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-18 04:40 . 2008-05-18 17:21 <DIR> d-------- C:\VIRUSfighter 2008-05-18 04:06 . 2008-05-19 18:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-18 03:57 . 2008-04-25 20:50 582 --a------ C:\WINDOWS\win.tmp 2008-05-18 03:57 . 2008-02-18 22:39 231 --a------ C:\WINDOWS\system.tmp 2008-05-18 03:36 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2008-05-18 03:36 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2008-05-18 03:35 . 2008-05-18 04:03 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Tools 2008-05-18 01:40 . 2008-05-18 01:40 16,128 --a------ C:\WINDOWS\rundll32.vbe 2008-05-18 01:24 . 2008-05-18 01:24 371,712 --a------ C:\WINDOWS\system32\hgGyaxur.dll 2008-05-18 01:20 . 2004-09-02 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-05-18 01:19 . 2008-05-18 01:19 87,513 --a------ C:\WINDOWS\system32\xwusuhzh.exe 2008-05-18 01:19 . 2008-05-18 01:19 4 --a------ C:\WINDOWS\system32\hljwugsf.bin 2008-05-18 01:18 . 2008-05-18 01:18 59,392 --a------ C:\WINDOWS\system32\opnnLBTM.dll 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Suite 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Nokia 2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-05-14 13:11 . 2008-05-14 13:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-05-14 13:11 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Nokia 2008-05-14 13:11 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-05-14 13:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-05-14 13:10 . 2008-05-14 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-05-13 12:48 . 2008-05-13 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-04-26 09:10 . 2008-04-26 09:10 <DIR> d-------- C:\Program Files\LimeWire 2008-04-26 09:10 . 2008-05-08 06:30 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\LimeWire 2008-04-25 20:00 . 2008-04-25 20:00 <DIR> d-------- C:\Program Files\Microsoft Works 2008-04-25 19:59 . 2008-04-25 19:59 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-04-25 19:55 . 2008-04-25 19:59 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-04-25 19:55 . 2008-04-25 19:55 <DIR> dr-h----- C:\MSOCache 2008-04-25 19:55 . 2008-05-15 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys 2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-04-21 21:46 . 2008-04-21 21:46 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-19 16:45 31,232 ----a-w C:\WINDOWS\explore.exe 2008-05-19 16:45 27,904 ----a-w C:\WINDOWS\iexplorer.exe 2008-05-18 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-17 23:18 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-14 11:11 --------- d-----w C:\Program Files\DIFX 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 13:28 --------- d-----w C:\Program Files\Java 2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-19 12:10 --------- d-----w C:\Program Files\Common Files\Java 2008-03-19 11:45 --------- d-----w C:\Documents and Settings\Drago\Application Data\Photodex 2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-19 00:24 87,865 ----a-w C:\WINDOWS\system32\Vxdif.dll 2008-02-19 00:08 21,393 ----a-w C:\WINDOWS\AegisP.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}] 2008-05-18 01:18 59392 --a------ C:\WINDOWS\system32\opnnLBTM.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D8F30BE-4625-46CD-9C23-6B099ECF218E}] 2008-05-18 01:24 371712 --a------ C:\WINDOWS\system32\hgGyaxur.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e21b11a-6b5c-4790-a7a1-6d36ab3865c7}] 2008-05-18 14:47 133120 --a------ C:\WINDOWS\system32\umvcrvap.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 13:11 73728] "TFncKy"="TFncKy.exe" [] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848] "00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 13:02 253952] "000StTHK"="000StTHK.exe" [2001-06-23 05:28 24576 C:\WINDOWS\system32\000StTHK.exe] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-02-19 02:24 196608] "Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-08-11 16:37 1093712] "NDSTray.exe"="NDSTray.exe" [] "TPSMain"="TPSMain.exe" [2005-07-06 15:04 266240 C:\WINDOWS\system32\TPSMain.exe] "TPSODDCtl"="TPSODDCtl.exe" [2005-07-06 15:04 102400 C:\WINDOWS\system32\TPSODDCtl.exe] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327] "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 13:29 102400] "TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.exe" [ ] "44735cd2"="C:\WINDOWS\system32\xrylqaub.dll" [2008-05-18 14:46 117248] "BM47406f4e"="C:\WINDOWS\system32\mrcotvbj.dll" [2008-05-18 14:43 124928] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-02-19 00:31:33 65536] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-19 04:59:25 122880] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme "DisableTaskMgr"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\WINDOWS\system32\opnnLBTM.dll [2008-05-18 01:18 59392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\xwusuhzh.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnLBTM] opnnLBTM.dll 2008-05-18 01:18 59392 C:\WINDOWS\system32\opnnLBTM.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\BitTornado\\btdownloadgui.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2008-02-18 20:19] R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-07-11 18:01] R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18] R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2008-02-19 00:20] S2 Windows Action Script;Windows Action Script;"C:\WINDOWS\system32\scvhost.exe" [] S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-19 18:50:57 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... C:\WINDOWS\default.htm 1918 bytes Scan succesvol afgerond verborgen bestanden: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\opnnLBTM.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\xrylqaub.dll -> C:\WINDOWS\system32\mrcotvbj.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\VIRUSfighter\Bin\Zanda.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\xwusuhzh.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Apoint2K\ApntEx.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe . ************************************************************************** . Voltooingstijd: 2008-05-19 18:55:42 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-19 16:55:24 Pre-Run: 58,158,166,016 bytes beschikbaar Post-Run: 58,096,209,920 bytes beschikbaar 297 --- E O F --- 2008-05-16 21:45:13
-
Ik heb goed nieuws, die malware wilde ook niet, totdat ik de naam van de programmas veranderde in mijn naam. toen runde die. En ik bedacht misschien werkt dat bij combofix ook, en gelijk had ik.Ik ga nu de stappen uitvoeren die voor combofix bedoeld zijn
-
nope dit werkt ook niet. ik heb ook via andere sites geprobeerd om combofix te downloaden, maar hij laat het niet toe bij elke site staat er; deze pagina kan niet worden weergeven. Terwijl het op de andere laptop wel werkt
-
ik begrijp alles wat je zegt, maar de laptop doet niet zijn ding. is het misschien verstandiger hem in de veilige modus op te starten en het weer te proberen, want dit schiet écht niet op zo. Ik heb al meerdere malen geprobeerd om op dat pictogrammetje met het witte kruis te klikken maar er opent geen een venster. en de virusscan is uit :S
-
Ja ik weet niet wat ik moet doen om de virusscanner uit te zetten. Disabelen of niet? Ik heb de virusscan on access scan uitgezet. Als ik op jouw link klik doet hij nog steeds niks. Wéér zegt hij 'pagina kan niet worden weergeven'. Heb met rechts op die pictogram van combofix die ik via de usb erop heb gezet, geklikt en toen op 'extract files here' geklikt. Toen kwam er een nieuwe map op het bureaublad met allemaal bestanden erin. Er staat één bestandje van combofix, maar die is 1kb groot :S Heb er tóch op geklikt en er kwam een melding van; "u probeert een bestand van het type Systeembestand (.sys te openen) Dergelijke bestanden worden door het besturingssysteem en diverse programma's gebruikt. Het bewerken of wijzigen van deze bestanden kan schadelijke gevolgen voor uw systeem hebben. Klik op openen met.. als u toch dit bestand wilt openen. Klik anders op annuleren". Toen klikte ik op openen met, en hij wilt nu een programma zoeken waarmee hij dat bestand kan openen. Dit klopt niet, volgens mij doe ik toch iets fout
-
ik had combofix trouwens via de andere laptop gedownload en op de usb stick gezet en meteen op bureaublad geplaatst. als ik via mijn laptop op jouw link klik krijg ik dit; http://i32.tinypic.com/2d83r03.jpg
-
Ik heb de combofix van je link gedownload rechtstreeks naar m'n bureau blad. Er is geen map alleen een pictogram met een rood rondje en een wit kruis erin. Als ik erop klik doet de laptop helemaal niks. hij opent hem niet eens :S
-
Beste Kape, bedankt voor je snelle reactie ik heb alles gedaan wat je van me hebt gevraagd. Alleen het is niet gelukt om dat dikgedrukte bestandje xwusuhzh.exe te verwijderen uit de system32 map. Hier de Sdf raport SDFix: Version 1.183 Run by Drago on 18-05-2008 at 17:09 Microsoft Windows XP [versie 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default Desktop Wallpaper Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\x.exe - Deleted C:\WINDOWS\y.exe - Deleted C:\WINDOWS\default.htm - Deleted C:\WINDOWS\explore.exe - Deleted C:\WINDOWS\explorer32.exe - Deleted C:\WINDOWS\iexplorer.exe - Deleted C:\WINDOWS\internet.exe - Deleted C:\WINDOWS\loader.exe - Deleted C:\WINDOWS\svchost32.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 17:23:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys] @="driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\clbdriver.sys] @="driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037a2ca005] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver] "start"=dword:00000001 "type"=dword:00000001 "imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\clbdriver.sys] @="driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\clbdriver.sys] @="driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037a2ca005] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\clbdriver] "start"=dword:00000001 "type"=dword:00000001 "imagepath"=str(2):"\??\globalroot\systemroot\system32\drivers\clbdriver.sys" scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\clbImageData] "affid"="7" "subid"="run04" "control"=hex:1a,00,15,13,07,11,18,1f,14,0a,49,09,4b,1a,09,50,11,e5,f5 "prov"="10010" "googleadserver"="pagead2.googlesyndication.com" "flagged"=dword:00000001 scanning hidden files ... C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes executable C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes executable C:\WINDOWS\system32\drivers\clbdriver.sys 6656 bytes executable C:\WINDOWS\system32\dllcache\clb.dll 11264 bytes executable C:\WINDOWS\system32\dllcache\clbcatex.dll 110080 bytes executable C:\WINDOWS\system32\dllcache\clbcatq.dll 498688 bytes executable C:\WINDOWS\system32\clb.dll 11264 bytes executable C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable C:\WINDOWS\system32\clbdll.dll 31560 bytes executable C:\WINDOWS\system32\clbinit.dll 1695 bytes C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes executable C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes executable scan completed successfully hidden processes: 0 hidden services: 1 hidden files: 13 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : C:\WINDOWS\x.exe Found C:\WINDOWS\y.exe Found C:\WINDOWS\default.htm Found C:\WINDOWS\explore.exe Found C:\WINDOWS\explorer32.exe Found C:\WINDOWS\iexplorer.exe Found C:\WINDOWS\internet.exe Found C:\WINDOWS\loader.exe Found C:\WINDOWS\svchost32.exe Found File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 18 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a282fd7b00204b775909f4664bd74484\BIT4.tmp" Sun 18 May 2008 5,686 A.SH. --- "C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE1.tmp" Sun 18 May 2008 5,940 A.SH. --- "C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE2.tmp" Finished! en hier een nieuw HJT-logje; (heb ik net gemaakt, dus ná het 'do only a systemscan') Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:53:07, on 18-05-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\VIRUSfighter\Bin\Zanda.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\xwusuhzh.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe, O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [44735cd2] rundll32.exe "C:\WINDOWS\system32\xrylqaub.dll",b O4 - HKLM\..\Run: [bM47406f4e] Rundll32.exe "C:\WINDOWS\system32\mrcotvbj.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth Monitor.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365513121 O17 - HKLM\System\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer = 195.121.1.34,195.121.1.66 O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing) O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11022 bytes verder heb ik de hele dag al last van deze bureaubladachtergrond Image - TinyPic - Deel de ervaring!™ Hoop weer gauw van u te horen
-
Goedemiddag, vanacht toen ik het programma Adobe Photoshop CS3 wilde installeren viel opeens m'n internet uit. En er kwamen meldingen over spyware. M'n bureaublad achtergrond is nu blauw en er staat 'uw computer is overgenomen door spyware, klik hier om ..." Ik heb geprobeerd via m'n eigen laptop op het forum hijackthis.nl te komen, maar er zit blijkbaar een virus die de site hijackthis.nl blokkeert. De rest van de sites doet het wel, behalve dan sites tegen malware en spyware en dergelijke virussen. Ik heb ook geprobeerd om Trend Micro Hijack this te downloaden maar ook dát liet hij niet toe. Ik heb m'n laptop 'schoongemaakt' met ATF- cleaner en Smidfraudfix , maar er staat bij Sff dat hij niet alle bestanden kon verwijderen. M'n laptop loopt namelijk op twee processoren. En het schijnt dat door die twee processoren niet alles schoon kan maken. Ik heb de officiële versie van Spyware doctor gekocht en hij maakt de laptop ook schoon, behalve dat éne bestandje. Dit bericht typ ik via m'n andere laptop die ook verscheidene trojans heeft, maar dat terzijde. Edit; Heb even Hijackthis op usb stick gedownload en vervolgens in de laptop gedaan. En heb nu wèl een logbestandje voor jullie; Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:50:23, on 18-05-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\VIRUSfighter\Bin\Zanda.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\xwusuhzh.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\VIRUSfighter\bin\NJEEVES.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\VIRUSfighter\bin\ZLH.EXE C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe, O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth Monitor.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365513121 O17 - HKLM\System\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer = 195.121.1.34,195.121.1.66 O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10677 bytes hoop écht dat iemand me kan helpen, heb zoveel dingen op m'n laptop staan die ik voor m'n werk nodig heb.
