Soxwox

Member
  • Items

    17
  • Registration date

  • Last visited

Everything posted by Soxwox

  1. Could it have something to do with the power supply? There has been a small problem with the power button for a while. Sometimes I had to switch it on twice, because it would shut off again after 2 seconds, and the power button no longer felt very solid (there seems to be some play on it and it sits a bit loose). Anyway, I'll try to rescue the disk in another PC. Thanks! P
  2. Hello, I just ran the command, but unfortunately without the desired result. The loop is still there. :-( Regards, P
  3. Hi, thanks for the feedback. One thing though: the following message appears when I'm about to run this command: This computer appears to have a non-standard or invalid master boot record. FIXMBR may damage your partition tables if you proceed. This could cause all the partitions on the current hard disk to become inaccessible. If you are not having problems accessing your drive, do not continue. Should I go ahead with it anyway?? I don't want to wreck my disk... Regards, P
  4. Won't this compromise the hard disk? The warnings I read about it are not trivial, and I'm not sure the PC is currently completely virus-free. Regards, P
  5. Hello, since last week I can no longer get into Windows. For a few weeks I could only boot via 'last known good configuration' (or something like that), but that doesn't work anymore either. Windows XP always comes back to the black screen with the safe and normal boot options. Loop after loop... :-( I got an XP installation CD from a friend (XP was installed on my hard disk without a CD-ROM). After some research on the internet (via my work laptop) I have already run the command chkdsk /p /r, and I get no report of errors or anything. Then 'fixboot', and 'the new bootsector was successfully written'. Only problem: the problem isn't solved yet. What can I do? Kind regards, Pieter
  6. Damn... that's exactly what I just did!! Uh... Houston, we have a problem? I'll try again tonight (I'm not at home right now)!
  7. Hey, can you give some more explanation about removing ComboFix? If I choose Start > Run and then enter your command, it just starts ComboFix --> full scan + log. Is that command with or without spaces?? Regards, Pieter
  8. The folder isn't empty, there is one 1 KB file in it: Crack_, of type 'Film Vidéo CD'. It means nothing to me, I would throw it away! OK? Apart from that everything seems to work fine again. Speed has increased incredibly, and there are no more annoying elements either. Regards, P
  9. I do hope I never have to dump an infection like this on you again ;-) The log file...

     ComboFix 09-07-25.05 - Pieter 26/07/2009 14:15.4.1 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1252.32.1033.18.511.248 [GMT 2:00]
     Running from: c:\documents and settings\Pieter\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Pieter\Desktop\CFScript.txt
     AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
     FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

     FILE ::
     "c:\windows\system32\drivers\70178015.sys"
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\system32\drivers\70178015.sys

     .
     ((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
     .

     2009-07-26 10:01 . 2009-07-26 10:01 1915520 ----a-w- c:\documents and settings\Pieter\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
     2009-07-25 15:03 . 2009-07-25 15:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2009-07-25 15:02 . 2009-07-25 15:02 -------- d-----w- c:\program files\Norton Security Scan
     2009-07-14 20:03 . 2009-07-14 20:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
     2009-07-13 22:31 . 2009-07-13 22:31 -------- d-----w- C:\Rooter$
     2009-07-11 11:35 . 2009-07-11 11:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-07-11 11:25 . 2009-07-13 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-07-11 11:25 . 2009-07-13 18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2009-07-11 10:17 . 2009-07-20 21:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2009-07-11 10:17 . 2009-07-11 10:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
     2009-07-10 23:34 . 2009-07-10 23:34 -------- d-----w- c:\windows\system32\wbem\Repository
     2009-07-10 22:23 . 2009-07-10 22:23 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
     2009-07-07 17:23 . 2009-07-07 17:23 -------- d-----w- c:\documents and settings\Pieter\PrivacIE
     2009-07-07 09:52 . 2009-07-07 09:52 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
     2009-07-07 09:52 . 2009-07-07 09:52 -------- d-----w- c:\documents and settings\Pieter\IETldCache
     2009-07-07 09:45 . 2009-07-07 09:46 -------- d-----w- c:\windows\ie8updates
     2009-07-07 09:40 . 2009-07-10 23:33 -------- dc----w- c:\windows\ie8

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-07-26 08:51 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\Skype
     2009-07-26 08:51 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\skypePM
     2009-07-26 08:51 . 2009-01-28 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2009-07-26 08:51 . 2007-06-08 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
     2009-07-25 22:14 . 2007-06-08 11:11 1701860 --sha-w- c:\windows\system32\drivers\fidbox.idx
     2009-07-25 22:14 . 2007-06-08 11:11 1661472 --sha-w- c:\windows\system32\drivers\fidbox2.dat
     2009-07-25 22:14 . 2007-06-08 11:11 158396 --sha-w- c:\windows\system32\drivers\fidbox2.idx
     2009-07-25 22:14 . 2007-06-08 11:11 145133600 --sha-w- c:\windows\system32\drivers\fidbox.dat
     2009-07-25 14:56 . 2007-10-04 19:39 -------- d-----w- c:\program files\MSN Messenger
     2009-07-25 09:45 . 2008-08-25 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-07-25 09:37 . 2009-03-03 23:00 -------- d-----w- c:\program files\Download Youtube Free
     2009-07-13 11:36 . 2008-08-25 18:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-07-13 11:36 . 2008-08-25 18:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
     2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
     2009-06-03 19:27 . 2005-08-30 04:02 1290752 ----a-w- c:\windows\system32\quartz.dll
     2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games
     2009-05-07 15:44 . 2002-08-29 02:41 344064 ----a-w- c:\windows\system32\localspl.dll
     2009-04-29 04:52 . 2006-08-30 18:42 616448 ----a-w- c:\windows\system32\urlmon(3).dll
     2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet.dll
     2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet(3).dll
     2009-04-29 04:52 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
     2009-07-16 00:37 . 2009-07-25 09:49 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

     .
     ((((((((((((((((((((((((((((( SnapShot@2009-07-25_17.00.46 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2008-06-05 16:08 . 2009-07-26 10:01 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
     + 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
     "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
     "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
     "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2005-10-27 3887104]
     "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
     "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
     "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2007-08-28 36972]
     "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-02 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
     "PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
     "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-11 110592]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
     WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-4 389120]

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\NetMeeting\\conf.exe"=
     "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\MSN Messenger\\livecall.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\mIRC\\mirc.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Shareaza\\Shareaza.exe"=
     "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
     "c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [26/08/2008 19:43 32784]
     R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/04/2009 12:38 92008]
     R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [26/08/2008 19:43 26640]
     R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [26/08/2008 19:43 24592]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

     2009-07-26 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-11 22:17]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.destandaard.be/
     uSearch Page = hxxp://www.google.com
     uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     uSearch Bar = hxxp://www.google.com/ie
     mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     IE: &Search
     IE: Download &Youtube Free - c:\program files\Download Youtube Free\save.htm
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\Pieter\Application Data\Mozilla\Firefox\Profiles\jtjnlzxc.default\
     FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
     FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
     Rootkit scan 2009-07-26 14:27
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(856)
     c:\windows\system32\Ati2evxx.dll
     c:\windows\System32\klogon.dll
     .
     Completion time: 2009-07-26 14:35
     ComboFix-quarantined-files.txt 2009-07-26 12:35
     ComboFix2.txt 2009-07-26 09:44
     ComboFix3.txt 2009-07-25 20:24
     ComboFix4.txt 2009-07-25 17:15

     Pre-Run: 4.068.126.720 bytes free
     Post-Run: 4.060.131.328 bytes free

     222 --- E O F --- 2009-07-14 20:16
  10. Here we are again. It does indeed look like it's going to be quite a job. Many thanks in advance! I have deleted all the batch jobs on C. There were 235 of them, the oldest dated 11/7/2009, the newest 23/07/2009. Norton is still on there, I'll remove it in a moment. Below are two more logs...

     ComboFix

     ComboFix 09-07-25.04 - Pieter 26/07/2009 11:24.3.1 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1252.32.1033.18.511.202 [GMT 2:00]
     Running from: c:\documents and settings\Pieter\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Pieter\Desktop\CFScript.txt
     AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
     FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

     FILE ::
     "C:\AaK.bat" "C:\AF7I.bat" "C:\ASLvBD.bat" "C:\ASNwscar.bat" "C:\aYIbBT.bat" "C:\B36m0Y.bat"
     "C:\BA8U8yMo.bat" "C:\BeaX.bat" "C:\BFT.bat" "C:\BIDPL.bat" "C:\bmZ.bat" "C:\c1ud.bat"
     "C:\cktm.bat" "C:\CX1ToA.bat" "C:\DDp.bat" "C:\DFhvRZXO.bat" "C:\dglPkM.bat" "C:\DrKymJPg.bat"
     "C:\dT9sKfAr.bat" "C:\DxhgtO.bat" "C:\E87D.bat" "C:\E931.bat" "C:\E9C.bat" "C:\EEFbU36t.bat"
     "C:\eH8l5.bat" "C:\FEg.bat" "C:\Fo5pPC.bat" "C:\foQqpI.bat" "C:\fPWoRFFt.bat" "C:\fRVw.bat"
     "C:\FvOSlasK.bat" "C:\g84e1.bat" "C:\G9qTcZRP.bat" "C:\GEUOzh.bat" "C:\gMnF.bat" "C:\Gon6zjn9.bat"
     "C:\GQpS4.bat" "C:\gR6KxiIG.bat" "C:\hDQg5.bat" "C:\HF2.bat" "C:\hPZ.bat" "C:\hq2kB.bat"
     "C:\hyVa3.bat" "C:\I53JSdlw.bat" "C:\ISoaVQ.bat" "C:\iW67.bat" "C:\jDG.bat" "C:\JHjGPkAE.bat"
     "C:\jrVC0Q.bat" "C:\jrYGQ.bat" "C:\JSKRTSw7.bat" "C:\jz4g4jqR.bat" "C:\JzVq.bat" "C:\K0vXD.bat"
     "C:\kdce8.bat" "C:\Kgjwo.bat" "C:\lBsr1uBX.bat" "C:\LhvSVcYC.bat" "C:\Ll4.bat" "C:\Lsf9.bat"
     "C:\lYTu.bat" "C:\M3hL39ij.bat" "C:\m9OHJv.bat" "C:\mKzkZY.bat" "C:\MrGR5.bat" "C:\n0NF.bat"
     "C:\n4Md.bat" "C:\nDre.bat" "C:\NGC2.bat" "C:\NIGwLD.bat" "C:\nVNJiE.bat" "C:\O9V.bat"
     "C:\odXBTWNJ.bat" "C:\OhF.bat" "C:\okCnlq.bat" "C:\Omx18.bat" "C:\oYEz65rb.bat" "C:\oytH3.bat"
     "C:\OZo.bat" "C:\P5Fw.bat" "C:\PM5.bat" "C:\Py4ax.bat" "C:\QgzR.bat" "C:\QIJnZ.bat"
     "C:\QjzMie.bat" "C:\QR8Qssad.bat" "C:\Qua.bat" "C:\qxw.bat" "C:\r6jsXI.bat" "C:\rGqFK1.bat"
     "C:\RV5.bat" "C:\septX.bat" "C:\SUf9.bat" "C:\SYhaOf.bat" "C:\t3BQVL.bat" "C:\THcxgyec.bat"
     "C:\UBmemIuB.bat" "C:\UKlB1.bat" "C:\uKpT4sLW.bat" "C:\v6l5ipEN.bat" "C:\V8d7yWui.bat" "C:\vm6.bat"
     "C:\VVUOs6.bat" "C:\w2V.bat" "C:\w5cJd.bat" "C:\wGiKFu.bat"
     "c:\windows\Tasks\Norton Security Scan for Pieter.job"
     "C:\wK2x0L.bat" "C:\wlaFykOF.bat" "C:\wRiQnRSg.bat" "C:\WrZxjH.bat" "C:\WSf.bat" "C:\WYew.bat"
     "C:\xEO.bat" "C:\XhL.bat" "C:\xJFx9qMt.bat" "C:\Xkogd.bat" "C:\XLkm.bat" "C:\YgeAa.bat"
     "C:\YOekYS.bat" "C:\Yta8.bat" "C:\Z2M.bat" "C:\zSe.bat" "C:\zyf.bat"
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\Tasks\Norton Security Scan for Pieter.job

     .
     ((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
     .

     2009-07-25 15:03 . 2009-07-25 15:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2009-07-25 15:02 . 2009-07-25 15:02 -------- d-----w- c:\program files\Norton Security Scan
     2009-07-14 20:03 . 2009-07-14 20:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
     2009-07-13 22:31 . 2009-07-13 22:31 -------- d-----w- C:\Rooter$
     2009-07-11 11:44 . 2008-07-08 11:54 148496 ----a-w- c:\windows\system32\drivers\70178015.sys
     2009-07-11 11:35 . 2009-07-11 11:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-07-11 11:25 . 2009-07-13 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-07-11 11:25 . 2009-07-13 18:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2009-07-11 10:17 . 2009-07-20 21:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2009-07-11 10:17 . 2009-07-11 10:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
     2009-07-10 23:34 . 2009-07-10 23:34 -------- d-----w- c:\windows\system32\wbem\Repository
     2009-07-10 22:23 . 2009-07-10 22:23 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
     2009-07-07 17:23 . 2009-07-07 17:23 -------- d-----w- c:\documents and settings\Pieter\PrivacIE
     2009-07-07 09:52 . 2009-07-07 09:52 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
     2009-07-07 09:52 . 2009-07-07 09:52 -------- d-----w- c:\documents and settings\Pieter\IETldCache
     2009-07-07 09:45 . 2009-07-07 09:46 -------- d-----w- c:\windows\ie8updates
     2009-07-07 09:40 . 2009-07-10 23:33 -------- dc----w- c:\windows\ie8

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-07-26 08:51 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\Skype
     2009-07-26 08:51 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\skypePM
     2009-07-26 08:51 . 2009-01-28 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2009-07-26 08:51 . 2007-06-08 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
     2009-07-25 22:14 . 2007-06-08 11:11 1701860 --sha-w- c:\windows\system32\drivers\fidbox.idx
     2009-07-25 22:14 . 2007-06-08 11:11 1661472 --sha-w- c:\windows\system32\drivers\fidbox2.dat
     2009-07-25 22:14 . 2007-06-08 11:11 158396 --sha-w- c:\windows\system32\drivers\fidbox2.idx
     2009-07-25 22:14 . 2007-06-08 11:11 145133600 --sha-w- c:\windows\system32\drivers\fidbox.dat
     2009-07-25 14:56 . 2007-10-04 19:39 -------- d-----w- c:\program files\MSN Messenger
     2009-07-25 09:45 . 2008-08-25 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-07-25 09:37 . 2009-03-03 23:00 -------- d-----w- c:\program files\Download Youtube Free
     2009-07-13 11:36 . 2008-08-25 18:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-07-13 11:36 . 2008-08-25 18:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
     2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
     2009-06-03 19:27 . 2005-08-30 04:02 1290752 ----a-w- c:\windows\system32\quartz.dll
     2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games
     2009-05-07 15:44 . 2002-08-29 02:41 344064 ----a-w- c:\windows\system32\localspl.dll
     2009-04-29 04:52 . 2006-08-30 18:42 616448 ----a-w- c:\windows\system32\urlmon(3).dll
     2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet.dll
     2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet(3).dll
     2009-04-29 04:52 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
     2009-07-16 00:37 . 2009-07-25 09:49 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
     "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
     "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
     "Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2005-10-27 3887104]
     "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
     "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
     "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2007-08-28 36972]
     "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-02 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
     "PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
     "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

     c:\documents and settings\Pieter\Start Menu\Programs\Startup\
     is-16TD9.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe [2009-7-11 65536]
     is-C133G.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe [2009-7-11 65536]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-11 110592]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
     WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-4 389120]

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\NetMeeting\\conf.exe"=
     "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\MSN Messenger\\livecall.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\mIRC\\mirc.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Shareaza\\Shareaza.exe"=
     "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
     "c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [26/08/2008 19:43 32784]
     R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/04/2009 12:38 92008]
     R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [26/08/2008 19:43 26640]
     R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [26/08/2008 19:43 24592]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

     2009-07-26 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-11 22:17]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.destandaard.be/
     uSearch Page = hxxp://www.google.com
     uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     uSearch Bar = hxxp://www.google.com/ie
     mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
     IE: &Search
     IE: Download &Youtube Free - c:\program files\Download Youtube Free\save.htm
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\Pieter\Application Data\Mozilla\Firefox\Profiles\jtjnlzxc.default\
     FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
     FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
     FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-26 11:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(856) c:\windows\system32\Ati2evxx.dll c:\windows\System32\klogon.dll . 
Completion time: 2009-07-26 11:44 ComboFix-quarantined-files.txt 2009-07-26 09:44 ComboFix2.txt 2009-07-25 20:24 ComboFix3.txt 2009-07-25 17:15 Pre-Run: 3.442.614.272 bytes free Post-Run: 3.393.064.960 bytes free 342 --- E O F --- 2009-07-14 20:16 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:58:36, on 26/07/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0\bin\jucheck.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Shareaza\Shareaza.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 
Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: is-16TD9.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe O4 - Startup: is-C133G.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Download &Youtube Free - C:\Program Files\Download Youtube Free\save.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=www.coften.be O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailserv.sofico.be/iNotes6W.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181295815703 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 8666 bytes
  11. Hello. I have no specific reason for this... presumably 'historical pollution'. As far as I'm concerned, it can go. Anyway, I did what you suggested... here are the logs:
ComboFix
ComboFix 09-07-24.01 - Pieter 25/07/2009 21:33.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.32.1033.18.511.141 [GMT 2:00]
Running from: c:\documents and settings\Pieter\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pieter\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-25 22:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(856) c:\windows\system32\Ati2evxx.dll c:\windows\System32\klogon.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre1.5.0\bin\jucheck.exe
c:\progra~1\WinZip\WZQKPICK.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\documents and settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\is-16TD9.exe
c:\documents and settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\is-C133G.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-07-25 22:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-25 20:24
ComboFix2.txt 2009-07-25 17:15

Pre-Run: 3.454.140.416 bytes free
Post-Run: 3.422.359.552 bytes free

603 --- E O F --- 2009-07-14 20:16

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:24, on 25/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\is-16TD9.exe
C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\is-C133G.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-16TD9.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe
O4 - Startup: is-C133G.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download &Youtube Free - C:\Program Files\Download Youtube Free\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.coften.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailserv.sofico.be/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181295815703
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9006 bytes
  12. Here it is!

ComboFix 09-07-24.01 - Pieter 25/07/2009 18:33.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.32.1033.18.511.214 [GMT 2:00]
Running from: c:\documents and settings\Pieter\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\Installer\26f8af.msi
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At9.job
D:\Autorun.inf
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IP_FW
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_ip_fw


(((((((((((((((((((((((((   Files Created from 2009-06-25 to 2009-07-25   )))))))))))))))))))))))))))))))
.

2009-07-25 15:03 . 2009-07-25 15:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-25 15:02 . 2009-07-25 15:02 -------- d-----w- c:\program files\Norton Security Scan
2009-07-25 13:08 . 2009-07-25 13:08 329216 ----a-w- C:\IHIX9te3.exe
2009-07-25 13:08 . 2009-07-25 13:08 6998 ----a-w- C:\mAaeZc.bat
2009-07-25 13:08 . 2009-07-25 13:08 273 ----a-w- C:\GPeI5.bat
2009-07-25 13:00 . 2009-07-25 13:00 6998 ----a-w- C:\Jpqc.bat
2009-07-25 13:00 . 2009-07-25 13:00 242 ----a-w- C:\xLvtj.bat
2009-07-25 12:44 . 2009-07-25 12:44 329216 ----a-w- C:\d0mgELZU.exe
2009-07-25 12:44 . 2009-07-25 12:44 6998 ----a-w- C:\jm30Q.bat
2009-07-25 12:44 . 2009-07-25 12:44 269 ----a-w- C:\j9yXWvPz.bat
2009-07-25 12:04 . 2009-07-25 12:04 329216 ----a-w- C:\lQsZ4.exe
2009-07-25 12:04 . 2009-07-25 12:04 6998 ----a-w- C:\XD9L.bat
2009-07-25 12:04 . 2009-07-25 12:04 248 ----a-w- C:\vhk.bat
2009-07-25 11:49 . 2009-07-25 11:49 329216 ----a-w- C:\SGN5cWw.exe
2009-07-25 11:49 . 2009-07-25 11:49 6998 ----a-w- C:\fqY5iX.bat
2009-07-25 11:49 . 2009-07-25 11:49 266 ----a-w- C:\DdZr.bat
2009-07-25 11:40 . 2009-07-25 11:41 329216 ----a-w- C:\Qu8l.exe
2009-07-25 11:40 . 2009-07-25 11:40 6998 ----a-w- C:\mnvvz.bat
2009-07-25 11:40 . 2009-07-25 11:40 239 ----a-w- C:\OpzS.bat
2009-07-25 11:20 . 2009-07-25 11:20 329216 ----a-w- C:\kraj0D3r.exe
2009-07-25 11:20 . 2009-07-25 11:20 6998 ----a-w- C:\aQf5O.bat
2009-07-25 11:20 . 2009-07-25 11:20 272 ----a-w- C:\UFuRg.bat
2009-07-25 11:15 . 2009-07-25 11:15 6998 ----a-w- C:\JOjDfaOG.bat
2009-07-25 11:15 . 2009-07-25 11:15 267 ----a-w- C:\jgFFUX.bat
2009-07-25 11:04 . 2009-07-25 11:04 6998 ----a-w- C:\QZ8Ux8y.bat
2009-07-25 11:04 . 2009-07-25 11:04 258 ----a-w- C:\VA6u.bat
2009-07-25 10:54 . 2009-07-25 10:54 329216 ----a-w- C:\UuRc.exe
2009-07-25 10:54 . 2009-07-25 10:54 6998 ----a-w- C:\KkxCdU.bat
2009-07-25 10:54 . 2009-07-25 10:54 238 ----a-w- C:\WfSXoq.bat
2009-07-25 10:50 . 2009-07-25 10:50 329216 ----a-w- C:\fHyrL6.exe
2009-07-25 10:50 . 2009-07-25 10:50 6998 ----a-w- C:\FqQ.bat
2009-07-25 10:50 . 2009-07-25 10:50 255 ----a-w- C:\bRx.bat
2009-07-25 10:46 . 2009-07-25 10:46 329216 ----a-w- C:\o1at.exe
2009-07-25 10:46 . 2009-07-25 10:46 6998 ----a-w- C:\tL0is2Un.bat
2009-07-25 10:46 . 2009-07-25 10:46 239 ----a-w- C:\wpPF.bat
2009-07-25 10:35 . 2009-07-25 10:35 6998 ----a-w- C:\F80.bat
2009-07-25 10:35 . 2009-07-25 10:35 275 ----a-w- C:\ZpHJel.bat
2009-07-25 10:28 . 2009-07-25 10:28 329216 ----a-w- C:\qTt1Dy.exe
2009-07-25 10:28 . 2009-07-25 10:28 6998 ----a-w- C:\vl8kp.bat
2009-07-25 10:28 . 2009-07-25 10:28 253 ----a-w- C:\MpSU.bat
2009-07-25 10:06 . 2009-07-25 10:06 6998 ----a-w- C:\Ao4X.bat
2009-07-25 10:06 . 2009-07-25 10:06 258 ----a-w- C:\fumle.bat
2009-07-25 10:00 . 2009-07-25 10:00 6998 ----a-w- C:\P9iFwrk.bat
2009-07-25 10:00 . 2009-07-25 10:00 272 ----a-w- C:\yW2yb.bat
2009-07-25 00:04 . 2009-07-25 00:04 6998 ----a-w- C:\t7MRgqbu.bat
2009-07-25 00:01 . 2009-07-25 00:01 6998 ----a-w- C:\NohijG0p.bat
2009-07-25 00:01 . 2009-07-25 00:01 240 ----a-w- C:\GRdlJOsM.bat
2009-07-25 00:00 . 2009-07-25 00:00 6998 ----a-w- C:\Pti.bat
2009-07-25 00:00 . 2009-07-25 00:00 239 ----a-w- C:\wzH.bat
2009-07-24 23:55 . 2009-07-24 23:55 6998 ----a-w- C:\Zfw7.bat
2009-07-24 23:55 . 2009-07-24 23:55 246 ----a-w- C:\P73z.bat
2009-07-24 23:44 . 2009-07-24 23:44 6998 ----a-w- C:\TUzHjd.bat
2009-07-24 23:35 . 2009-07-24 23:35 6998 ----a-w- C:\aE8L4nXW.bat
2009-07-24 23:35 . 2009-07-24 23:35 257 ----a-w- C:\B8HQ.bat
2009-07-24 23:08 . 2009-07-24 23:08 259 ----a-w- C:\Fp69.bat
2009-07-24 23:04 . 2009-07-24 23:04 6998 ----a-w- C:\DpGorEDG.bat
2009-07-24 23:04 . 2009-07-24 23:04 231 ----a-w- C:\dDAh4W.bat
2009-07-24 22:54 . 2009-07-24 22:54 6998 ----a-w- C:\Hj7.bat
2009-07-24 22:54 . 2009-07-24 22:54 249 ----a-w- C:\aNeQg.bat
2009-07-24 22:34 . 2009-07-24 22:34 6998 ----a-w- C:\NjEBL.bat
2009-07-24 22:19 . 2009-07-24 22:19 6998 ----a-w- C:\lm3.bat
2009-07-24 22:19 . 2009-07-24 22:19 231 ----a-w- C:\SC7f1.bat
2009-07-24 22:08 . 2009-07-24 22:08 6998 ----a-w- C:\YfB5.bat
2009-07-24 22:08 . 2009-07-24 22:08 263 ----a-w- C:\W7Qj9.bat
2009-07-24 21:43 . 2009-07-24 21:43 6998 ----a-w- C:\vpsHr.bat
2009-07-24 21:36 . 2009-07-24 21:36 6998 ----a-w- C:\jLGE.bat
2009-07-24 21:36 . 2009-07-24 21:36 255 ----a-w- C:\mBG6v2Po.bat
2009-07-24 21:26 . 2009-07-24 21:26 6998 ----a-w- C:\q67czbZn.bat
2009-07-24 21:26 . 2009-07-24 21:26 230 ----a-w- C:\FJI8mEgY.bat
2009-07-23 22:21 . 2009-07-23 22:21 57920 ----a-w- C:\nDKqA.exe
2009-07-23 22:21 . 2009-07-23 22:21 6998 ----a-w- C:\sJfZdw.bat
2009-07-23 22:21 . 2009-07-23 22:21 249 ----a-w- C:\mNDHr.bat
2009-07-23 22:09 . 2009-07-23 22:09 6998 ----a-w- C:\maDcoB.bat
2009-07-23 22:09 . 2009-07-23 22:09 273 ----a-w- C:\Ov0Vr.bat
2009-07-23 21:43 . 2009-07-23 21:43 6998 ----a-w- C:\g3TPaV5p.bat
2009-07-23 21:22 . 2009-07-23 21:22 320008 ----a-w- C:\OLvt.exe
2009-07-23 21:22 . 2009-07-23 21:22 6998 ----a-w- C:\PvR.bat
2009-07-23 21:22 . 2009-07-23 21:22 240 ----a-w- C:\IfgaJxjt.bat
2009-07-23 21:20 . 2009-07-23 21:20 6998 ----a-w- C:\QZC.bat
2009-07-23 21:20 . 2009-07-23 21:20 262 ----a-w- C:\eFbl.bat
2009-07-23 21:09 . 2009-07-23 21:00 6998 ----a-w- C:\aim3k6Wn.bat
2009-07-23 21:09 . 2009-07-23 21:00 241 ----a-w- C:\enL.bat
2009-07-23 20:55 . 2009-07-23 20:55 6998 ----a-w- C:\cC6.bat
2009-07-23 20:55 . 2009-07-23 20:55 232 ----a-w- C:\TmfUSOtf.bat
2009-07-23 20:50 . 2009-07-23 20:50 6998 ----a-w- C:\GOL1vM.bat
2009-07-23 20:50 . 2009-07-23 20:50 265 ----a-w- C:\Bv5.bat
2009-07-23 20:49 . 2009-07-23 20:49 6998 ----a-w- C:\nWTV8Pdy.bat
2009-07-23 20:43 . 2009-07-23 20:43 6998 ----a-w- C:\it2fWy.bat
2009-07-23 20:35 . 2009-07-23 20:35 6998 ----a-w- C:\lWzKZ.bat
2009-07-23 20:35 . 2009-07-23 20:35 269 ----a-w- C:\Nr7Ng71q.bat
2009-07-23 20:34 . 2009-07-23 20:34 6998 ----a-w- C:\e1EO2.bat
2009-07-23 20:34 . 2009-07-23 20:34 258 ----a-w- C:\VzTqL.bat
2009-07-23 20:32 . 2009-07-23 20:32 6998 ----a-w- C:\bAG.bat
2009-07-23 20:32 . 2009-07-23 20:32 252 ----a-w- C:\Bh86xd.bat
2009-07-23 20:05 . 2009-07-23 20:05 6998 ----a-w- C:\uJKCYK.bat
2009-07-23 20:05 . 2009-07-23 20:05 265 ----a-w- C:\ZKSYCi.bat
2009-07-23 20:01 . 2009-07-23 20:01 263 ----a-w- C:\uDo.bat
2009-07-23 19:40 . 2009-07-23 19:40 6998 ----a-w- C:\Ol4.bat
2009-07-23 19:40 . 2009-07-23 19:40 271 ----a-w- C:\Tboipi.bat
2009-07-23 19:29 . 2009-07-23 19:29 255 ----a-w- C:\DVTZ7C.bat
2009-07-23 19:22 . 2009-07-23 19:22 6998 ----a-w- C:\jZwu.bat
2009-07-23 19:22 . 2009-07-23 19:22 275 ----a-w- C:\YqJOQVHj.bat
2009-07-23 19:07 . 2009-07-23 19:07 6998 ----a-w- C:\Kxk.bat
2009-07-23 19:07 . 2009-07-23 19:07 271 ----a-w- C:\kSEnJ.bat
2009-07-23 19:04 . 2009-07-23 19:04 6998 ----a-w- C:\Vh3Y.bat
2009-07-23 19:04 . 2009-07-23 19:04 243 ----a-w- C:\StkwpSkb.bat
2009-07-23 18:58 . 2009-07-23 18:58 266 ----a-w- C:\FiUV.bat
2009-07-23 18:54 . 2009-07-23 18:54 6998 ----a-w- C:\xq4Y.bat
2009-07-23 18:54 . 2009-07-23 18:54 265 ----a-w- C:\qvZV2y.bat
2009-07-23 18:25 . 2009-07-23 18:25 6998 ----a-w- C:\v1Z.bat
2009-07-23 18:25 . 2009-07-23 18:25 244 ----a-w- C:\sZWnr.bat
2009-07-23 18:02 . 2009-07-23 18:02 6998 ----a-w- C:\nrz5.bat
2009-07-23 18:02 . 2009-07-23 18:02 257 ----a-w- C:\GWX.bat
2009-07-23 18:00 . 2009-07-23 18:00 6998 ----a-w- C:\r1FvE.bat
2009-07-23 18:00 . 2009-07-23 18:00 274 ----a-w- C:\vTknFX.bat
2009-07-23 17:50 . 2009-07-23 17:50 240 ----a-w- C:\oWJDKb.bat
2009-07-23 17:42 . 2009-07-23 17:42 236 ----a-w- C:\M17.bat
2009-07-23 17:20 . 2009-07-23 17:20 6998 ----a-w- C:\IGdfjg.bat
2009-07-23 17:20 . 2009-07-23 17:20 232 ----a-w- C:\e30CEh.bat
2009-07-23 17:07 . 2009-07-23 17:07 6998 ----a-w- C:\WHl.bat
2009-07-23 17:07 . 2009-07-23 17:07 239 ----a-w- C:\fPp.bat
2009-07-23 16:59 . 2009-07-23 16:59 256 ----a-w- C:\Waf.bat
2009-07-23 16:56 . 2009-07-23 16:56 6998 ----a-w- C:\xv6oB.bat
2009-07-23 16:56 . 2009-07-23 16:56 248 ----a-w- C:\XWTUD8fl.bat
2009-07-23 16:55 . 2009-07-23 16:55 6998 ----a-w- C:\uIY1JbKS.bat
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 17:06 . 2007-06-08 11:11 142041120 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-25 17:02 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\Skype
2009-07-25 17:00 . 2007-06-08 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-25 16:58 . 2007-06-08 11:11 1662980 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-25 16:58 . 2007-06-08 11:11 1661472 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-25 16:58 . 2007-06-08 11:11 158396 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-25 14:56 . 2007-10-04 19:39 -------- d-----w- c:\program files\MSN Messenger
2009-07-25 14:06 . 2008-10-01 19:12 -------- d-----w- c:\documents and settings\Pieter\Application Data\skypePM
2009-07-25 09:45 . 2008-08-25 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 09:37 . 2009-03-03 23:00 -------- d-----w- c:\program files\Download Youtube Free
2009-07-24 21:16 . 2009-01-28 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-13 11:36 . 2008-08-25 18:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-08-25 18:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2005-08-30 04:02 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games
2009-05-07 15:44 . 2002-08-29 02:41 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2006-08-30 18:42 616448 ----a-w- c:\windows\system32\urlmon(3).dll
2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2006-06-23 09:33 659456 ----a-w- c:\windows\system32\wininet(3).dll
2009-04-29 04:52 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-16 00:37 . 2009-07-25 09:49 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2005-10-27 3887104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2007-08-28 36972]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-02 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\Pieter\Start Menu\Programs\Startup\
is-16TD9.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe [2009-7-11 65536]
is-C133G.lnk - c:\documents and settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe [2009-7-11 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-11 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-4 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [26/08/2008 19:43 32784]
R1 is-16TD9drv;is-16TD9drv;c:\windows\system32\drivers\38813292.sys [11/07/2009 13:19 148496]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/04/2009 12:38 92008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [26/08/2008 19:43 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [26/08/2008 19:43 24592]
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2009-07-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-11 22:17]

2009-07-25 c:\windows\Tasks\Norton Security Scan for Pieter.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 03:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.standaard.be/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search
IE: Download &Youtube Free - c:\program files\Download Youtube Free\save.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Pieter\Application Data\Mozilla\Firefox\Profiles\jtjnlzxc.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program
files\Java\jre1.5.0\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program 
files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-25 19:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(860) c:\windows\system32\Ati2evxx.dll c:\windows\System32\klogon.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\rundll32.exe c:\program files\Java\jre1.5.0\bin\jucheck.exe c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe c:\progra~1\WinZip\WZQKPICK.EXE c:\windows\system32\wdfmgr.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe . ************************************************************************** . Completion time: 2009-07-25 19:15 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-25 17:15 Pre-Run: 1.629.229.056 bytes free Post-Run: 3.403.808.768 bytes free 437 --- E O F --- 2009-07-14 20:16
  13. Thanks for the info. Below is the Malwarebytes log file.

Malwarebytes' Anti-Malware 1.39
Database versie: 2498
Windows 5.1.2600 Service Pack 2

25/07/2009 16:53:49
mbam-log-2009-07-25 (16-53-48).txt

Scan type: Volledige Scan (A:\|C:\|D:\|E:\|)
Objecten gescand: 359890
Verstreken tijd: 4 hour(s), 42 minute(s), 4 second(s)

Geheugenprocessen geïnfecteerd: 3
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 150
And here is the new HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:57, on 25/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
  14. Hi,

For a few days now my PC has been very slow. I suspect a virus infection or something of the kind. Trojans? Anyhow, I have run CCleaner and Malwarebytes Anti-Malware, but the problem remains. At the moment I cannot seem to download any faster than roughly 2 kB/s... I have done a scan with HijackThis; the log data is below. Hopefully someone can help!!

Regards, P

Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:50, on 24/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\10571.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
c:\iPe.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\iPe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.coften.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5AF4B996-C96C-41A2-8678-5F5A46E01EE8} - C:\PROGRA~1\DOWNLO~1\DETECT~1.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\PROGRA~1\Flash2X\FLASHP~1\FLASHP~1.DLL
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Pieter\LOCALS~1\Temp\11103.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\iPe.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\iPe.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\iPe.exe (User 'Default user')
O4 - Startup: is-16TD9.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool\is-16TD9\startup.exe
O4 - Startup: is-C133G.lnk = C:\Documents and Settings\Pieter\Desktop\Virus Removal Tool1\is-C133G\startup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Pieter\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Download &Youtube Free - C:\Program Files\Download Youtube Free\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Download Youtube Free - {655A0B37-3AD2-429D-BF2F-0C8EE4ACA08A} - C:\Program Files\Download Youtube Free\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Download Youtube Free - {655A0B37-3AD2-429D-BF2F-0C8EE4ACA08A} - C:\Program Files\Download Youtube Free\save.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=www.coften.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailserv.sofico.be/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181295815703
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: "c:\progra~1\kasper~1\kasper~1.0\adialhk.dll"
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\WINDOWS\system32\10571.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

-- End of file - 10921 bytes
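Editor's added example (not part of Pieter's posts, and not code from HijackThis): the tells a helper reads off a log like the one above can be checked mechanically. The script parses the O4 (autorun) and O23 (service) lines and flags an entry when its binary sits in the drive root or a Temp directory, has a purely numeric file name, is loaded through Policies\Explorer\Run, or runs for SYSTEM / the Default user from outside %WINDIR%. The sample lines are copied from the log above with a few benign entries for contrast; the heuristics and the names `triage`, `Finding` and `exe_path` are the editor's own assumptions.

```python
"""Triage HijackThis O4 (autorun) and O23 (service) entries for malware tells.

Added example for this thread, not part of any post or of HijackThis itself.
The heuristics are the editor's own; SAMPLE_LOG is constructed from lines of
the log posted above (a few benign entries included for contrast).
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Pieter\LOCALS~1\Temp\11103.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\iPe.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\iPe.exe (User 'Default user')
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\WINDOWS\system32\10571.exe
"""

# O4: "<key>: [<name>] <command> (User '<user>')"; the user suffix is optional.
O4_RE = re.compile(
    r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$")
# O23: "<display name> - <publisher or 'Unknown owner'> - <binary path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# First executable-looking token of a command line, surrounding quotes dropped.
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|scr|com))\b', re.IGNORECASE)


@dataclass
class Finding:
    section: str          # "O4" or "O23"
    name: str             # registry value name or service display name
    path: str             # executable the entry launches
    reasons: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Return the launched executable from a Run/Service command line."""
    m = EXE_RE.search(cmd)
    return m.group("path") if m else cmd.strip('"')


def in_windir(path: str) -> bool:
    # Assumption: Windows is installed on C:\WINDOWS, as in the log above.
    return path.lower().startswith("c:\\windows\\")


def path_reasons(path: str) -> list:
    """Tells that depend only on where the binary lives and what it is called."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    reasons = []
    if re.match(r"^[a-z]:\\[^\\]+$", p):
        reasons.append("executable sits directly in the drive root")
    if "\\temp\\" in p:
        reasons.append("executable runs from a Temp directory")
    if re.match(r"^\d+\.[a-z]+$", base):
        reasons.append("file name is just a number")
    return reasons


def triage(log_text: str) -> list:
    """Return a Finding for every O4/O23 line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            key, name, cmd, user = m.group("key", "name", "cmd", "user")
            path = exe_path(cmd)
            reasons = path_reasons(path)
            if "policies\\explorer\\run" in key.lower():
                # Installers write to ...\Run; droppers like this policy key
                # because it is less often inspected.
                reasons.append("loaded via Policies\\Explorer\\Run")
            if user in ("SYSTEM", "Default user") and not in_windir(path):
                reasons.append(f"autorun for '{user}' points outside %WINDIR%")
            if reasons:
                findings.append(Finding("O4", name, path, reasons))
            continue
        m = O23_RE.match(line)
        if m:
            name, owner, cmd = m.group("name", "owner", "cmd")
            path = exe_path(cmd)
            reasons = path_reasons(path)
            # "Unknown owner" alone is noisy (ATI Smart is legitimate), so it
            # only strengthens a finding that the path already raised.
            if reasons and owner == "Unknown owner":
                reasons.append("service binary has no publisher (Unknown owner)")
            if reasons:
                findings.append(Finding("O23", name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name!r} -> {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run as a script it reports exactly the four entries a helper would ask about first: Cognac (a numeric binary in Temp), the two Msn policy entries launching c:\iPe.exe as SYSTEM and for the Default user, and the ipfw_helper service backed by 10571.exe with no publisher. Note what path heuristics do not catch: the Dealio and Search Settings adware in the same log live in ordinary Program Files directories and are only identified by a known-bad list, which is why the helpers in this thread still read the whole log by hand.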
  15. Kape,

Things briefly went wrong with that Java business. Everything was wrecked, I had neither mouse nor keyboard any more, but via something like 'secure logon', or whatever it is called, I luckily got back in. I only find one Java program: J2SE Runtime Environment 5.0, but it is 72 MB. Do I really have to get rid of that?? Kaspersky got involved and wanted to undo it, and then I apparently pressed the wrong button, with all the problems as a result... Anyway, I would like a quick confirmation. Thanks! P
  16. Dear Kape and Ampoel,

Many thanks already for the quick response. The first results are veeery promising. After running Malwarebytes everything seems to be fine again: Program Files back in business, CTRL + ALT + DELETE... speed... It all looks perfectly fine. I then also did the scan with HijackThis and fixed things. I could not tick all the files from your list, though, because (unless I was looking very cross-eyed) they did not all appear in my list. Anyway, what I found, I fixed. Attached is a new HijackThis log plus the Malwarebytes log. Does anything else need to happen now? Many thanks once more in advance! Pieter

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:06, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN: home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.coften.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C4CB6604-28BA-47AA-9166-A65F5D527AC4} - (no file)
O3 - Toolbar: (no name) - {254B87BB-510D-41FA-A887-52C5FA9BE585} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.coften.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181295815703
O16 - DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} (Image Uploader ShellCombo Control) - http://tools.ebay.be/easylister/components/ImageUploader4_3-1-3.cab
O20 - AppInit_DLLs: "c:\progra~1\kasper~1\kasper~1.0\adialhk.dll"
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

-- End of file - 7558 bytes

Malwarebytes log

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

20:36:06 25/08/2008
mbam-log-08-25-2008 (20-36-06).txt

Scan type: Quick Scan
Objects scanned: 50139
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 35
Registry Values Infected: 12
Registry Data Items Infected: 24
Folders Infected: 2
Files Infected: 64

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\857060\857060.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5646f36-145e-4f1d-b6d1-87c5efc5ba1c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcdunoi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5646f36-145e-4f1d-b6d1-87c5efc5ba1c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6ccbafc1-5285-494f-93f1-6894c87a9c43} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ccbafc1-5285-494f-93f1-6894c87a9c43} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{300cf5c9-f02d-4cb8-abed-9c229da56825} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{254b87bb-510d-41fa-a887-52c5fa9be585} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.Vapsup) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vwsrfton.bmaf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vwsrfton.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (Yanga ) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (Yanga ) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (Yanga {searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (Internet Explorer Search) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (Yanga {searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-2230167-23193) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (H:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Antivirus 2008 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\857060 (Trojan.BHO) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\efcDUnOi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvVppmK.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KmppVvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KmppVvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubtlrxpp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ppxrltbu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\857060\857060.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\edpw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\ateqoflr.exe (Trojan.Vapsup) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcAPjG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQ***X.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccdbXnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebqphbx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJaxYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEXqRh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtussTj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOggge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xhkasyqh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyvtRki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smkttrwg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnkJCvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qfkduo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMccBuT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM27ad2878.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM27ad2878.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\Local Settings\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\Local Settings\Temp\dssc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\Local Settings\Temp\sdfd1.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Pieter\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Desktop\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Desktop\Online Spyware Test.url (Rogue.Link) -> Quarantined and deleted successfully.
  17. Hello. Through my own stupidity I picked up a trojan last week, and within the hour my system was completely turned upside down... It took me 8 hours to get a more or less workable environment back via Kaspersky, but 7 days and a lot of problems later I have come to the conclusion that everything is anything but okay. Kaspersky does not seem to be helping me. A list of the problems:
1) The internet has become noticeably slower (roughly 50% of the former speed).
2) My 'Program Files' and some other links you get via the Start button have disappeared.
3) Opening Explorer via Windows+E no longer works. Only via a detour (Kaspersky) can I still get to my C: drive.
4) My F10 key, which should trigger the HP recovery tool during startup, no longer does anything either.
5) CTRL + ALT + DEL leads to the message 'The Task Manager has been disabled by your administrator'.
6) In the bottom right I also have one of those icons: 'Unable to complete genuine Windows validation'.
That is about it. This afternoon my internet also suddenly disappeared, and for a while I could not even log on (everything kept freezing). I am just glad I have managed to get back online here. Anyway, anything but fun. Does anyone have advice? I have no Windows CD (it came preinstalled on the machine), and since my F10 no longer does anything... :-( I also ran one of those Hijack scans. Not that I can do anything with it myself, but it may be useful anyway. The log is below. Hopefully someone can help me!
Soxwox

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24: VIRUS ALERT!, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN: home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.coften.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Internet Explorer Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: 857060 helper - {6CCBAFC1-5285-494F-93F1-6894C87A9C43} - C:\WINDOWS\system32\857060\857060.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C4CB6604-28BA-47AA-9166-A65F5D527AC4} - (no file)
O2 - BHO: (no name) - {E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C} - C:\WINDOWS\system32\efcDUnOi.dll (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: vwsrfton - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - C:\WINDOWS\vwsrfton.dll (file missing)
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - Antispyware 2008 (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - Antispyware 2008 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.coften.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181295815703
O16 - DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} (Image Uploader ShellCombo Control) - http://tools.ebay.be/easylister/components/ImageUploader4_3-1-3.cab
O20 - AppInit_DLLs: "c:\progra~1\kasper~1\kasper~1.0\adialhk.dll"
O20 - Winlogon Notify: efcDUnOi - efcDUnOi.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9373 bytes