
[SOLVED] Slow startup of Windows XP SP1


Lorent


Everything that was asked (by kape) has now been done.

The Panda online scan took quite a while, and it did find a thing or two.

Panda log:

Incident Status Location

Potentially unwanted tool:Application/SystemOrdnare Not disinfected C:\Documents and Settings\Di-Angelo\Application Data\setup_nl[1].exe

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Di-Angelo\Cookies\di-angelo@ad.yieldmanager[1].txt

Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Di-Angelo\Cookies\di-angelo@advancedcleaner[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Di-Angelo\Cookies\di-angelo@atdmt[2].txt

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Di-Angelo\Cookies\di-angelo@bluestreak[2].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Di-Angelo\Cookies\di-angelo@bs.serving-sys[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Di-Angelo\Cookies\di-angelo@doubleclick[1].txt

Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Di-Angelo\Cookies\di-angelo@metriweb[1].txt

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Di-Angelo\Cookies\di-angelo@serving-sys[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Di-Angelo\Cookies\di-angelo@zedo[2].txt

Possible Virus. Not disinfected C:\Documents and Settings\Di-Angelo\Local Settings\Temporary Internet Files\Content.IE5\812RWLYZ\AntiVirusInstallFreeNM_en[1].exe

Virus:Generic Trojan Disinfected C:\Documents and Settings\Di-Angelo\Mijn documenten\Mijn afbeeldingen\visual 1.exe

Adware:Adware/Trymedia Not disinfected C:\Downloads\CabelasGrandSlamHunting2-dm[1].exe

Adware:Adware/AVSystemCare Not disinfected C:\Program Files\Common Files\SchijfBewaker\strpmon.exe

Virus:W32/ZlFake.A Disinfected C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

Spyware:Spyware/New.net Not disinfected C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE

Adware:Adware/ClockSync Not disinfected C:\Program Files\themexp\Themexp.org File\VVSNInst.exe

Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_38.exe

Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_14.exe

Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_48.exe

Virus:W32/ZLFake.A.drp Disinfected C:\WINDOWS\SYSTEM32\i5N7jA13.exe

Virus:Trj/BHO.O Disinfected C:\WINDOWS\SYSTEM32\mFn1VdE5.dll

Adware:Adware/WinAntiVirus2007 Not disinfected C:\WINDOWS\SYSTEM32\mljighe.dll

Virus:W32/ZlFake.A Disinfected C:\WINDOWS\UpdReg.EXE

HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:47:58, on 7/02/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\CTXFIHLP.EXE

C:\WINDOWS\System32\WLTRAY.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Common Files\SchijfBewaker\strpmon.exe

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell België - startpagina - Computers, computerapparatuur, electronics en services.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [u.S. Robotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY

O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [540585bb] rundll32.exe "C:\WINDOWS\System32\aqsaiagw.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202341215924

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 6559 bytes

ComboFix log:

ComboFix 08-02.05.3 - Di-Angelo 2008-02-07 13:51:22.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1043.18.365 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Di-Angelo\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\cookies.ini

C:\WINDOWS\msettings.ini

C:\WINDOWS\NDNuninstall6_38.exe

C:\WINDOWS\NDNuninstall7_14.exe

C:\WINDOWS\NDNuninstall7_48.exe

C:\WINDOWS\system32\aqsaiagw.dll

C:\WINDOWS\system32\drivers\fad.sys

C:\WINDOWS\system32\lsprst7.dll

C:\WINDOWS\system32\ssprs.dll

C:\WINDOWS\SYSTEM32\stutv.ini

C:\WINDOWS\SYSTEM32\stutv.ini2

C:\WINDOWS\SYSTEM32\wgaiasqa.ini

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))

.

2008-02-07 12:02 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS

2008-02-07 12:01 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lssmftbltxie.sys

2008-02-07 11:47 . 2008-02-07 13:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan

2008-02-07 11:47 . 2008-02-07 11:47 <DIR> d-------- C:\WINDOWS\LastGood

2008-02-07 11:47 . 2008-02-07 11:47 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico

2008-02-07 11:47 . 2008-02-07 11:48 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico

2008-02-07 11:47 . 2008-02-07 11:47 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico

2008-02-07 03:28 . 2008-02-07 13:56 1,080 --a------ C:\WINDOWS\SYSTEM32\settingsbkup.sfm

2008-02-07 03:28 . 2008-02-07 13:56 1,080 --a------ C:\WINDOWS\SYSTEM32\settings.sfm

2008-02-07 03:16 . 2008-02-07 03:17 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-02-07 03:16 . 2002-08-29 02:01 134,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys

2008-02-07 03:16 . 2002-08-29 02:01 134,272 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\portcls.sys

2008-02-07 03:16 . 2002-08-29 01:32 57,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys

2008-02-07 03:16 . 2002-08-29 01:32 57,856 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\drmk.sys

2008-02-07 03:16 . 2001-09-06 21:27 22,016 --a------ C:\WINDOWS\SYSTEM32\wdmaud.drv

2008-02-07 02:55 . 2008-02-07 02:55 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-07 00:46 . 2005-06-28 08:21 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe

2008-02-07 00:45 . 2008-02-07 00:45 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits

2008-02-07 00:41 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl

2008-02-07 00:25 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\themexp

2008-02-07 00:25 . 2008-02-07 13:48 <DIR> dr-h----- C:\Documents and Settings\Di-Angelo\Onlangs geopend

2008-02-06 22:30 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002326_.tmp

2008-02-06 22:28 . 2003-07-23 22:22 6,788 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\secupd.sig

2008-02-06 22:28 . 2003-07-23 22:22 4,573 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\secupd.dat

2008-02-06 22:27 . 2003-07-23 22:08 766,934 --a------ C:\WINDOWS\SYSTEM32\instcat.sql

2008-02-06 22:27 . 2003-07-23 22:13 294,912 --a------ C:\WINDOWS\SYSTEM32\msaud32.acm

2008-02-06 22:27 . 2003-07-23 22:10 290,816 --a------ C:\WINDOWS\SYSTEM32\l3codeca.acm

2008-02-06 22:27 . 2003-07-23 22:01 24,576 --a------ C:\WINDOWS\SYSTEM32\cliconfg.rll

2008-02-06 22:27 . 2003-07-23 22:08 14,848 --a------ C:\WINDOWS\SYSTEM32\imaadp32.acm

2008-02-06 22:27 . 2003-07-23 22:13 13,312 --a------ C:\WINDOWS\SYSTEM32\msadp32.acm

2008-02-06 22:27 . 2003-07-23 22:03 1,740 --a------ C:\WINDOWS\SYSTEM32\dcache.bin

2008-02-06 22:26 . 2003-07-23 22:18 235,296 --a------ C:\ntldr

2008-02-06 22:26 . 2003-07-23 22:10 209,010 --a------ C:\WINDOWS\SYSTEM32\locale.nls

2008-02-06 22:26 . 2003-07-23 22:24 98,304 --a------ C:\WINDOWS\SYSTEM32\sqlsrv32.rll

2008-02-06 22:26 . 2003-07-23 22:23 86,016 --a------ C:\WINDOWS\SYSTEM32\sl_anet.acm

2008-02-06 22:26 . 2003-07-23 22:24 21,116 --a------ C:\WINDOWS\SYSTEM32\sorttbls.nls

2008-02-06 20:41 . 2004-03-30 02:51 253,952 --a------ C:\WINDOWS\SYSTEM32\h323(3).tsp

2008-02-06 20:40 . 2004-03-30 02:51 440,832 --a------ C:\WINDOWS\SYSTEM32\ipnathlp(3).dll

2008-02-06 20:40 . 2004-03-30 02:51 306,176 --a------ C:\WINDOWS\SYSTEM32\netapi32(3).dll

2008-02-06 20:39 . 2008-02-07 01:37 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-02-06 19:11 . 2006-09-13 06:10 1,110,528 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll

2008-02-06 19:10 . 2005-06-17 23:27 1,018,368 --a------ C:\WINDOWS\SYSTEM32\BROWSEUI(2).DLL

2008-02-06 19:10 . 2006-06-23 12:29 580,096 --a------ C:\WINDOWS\SYSTEM32\WININET.DLL

2008-02-06 19:10 . 2006-06-23 12:29 580,096 --a------ C:\WINDOWS\SYSTEM32\WININET(3).DLL

2008-02-06 19:10 . 2006-08-31 06:57 463,360 --a------ C:\WINDOWS\SYSTEM32\URLMON(3).DLL

2008-02-06 19:08 . 2005-07-26 05:39 1,190,400 --a------ C:\WINDOWS\SYSTEM32\ole32.dll

2008-02-06 19:07 . 2004-10-28 02:31 687,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll

2008-02-06 19:06 . 2006-03-17 06:07 8,398,848 --a------ C:\WINDOWS\SYSTEM32\shell32(3).dll

2008-02-06 19:06 . 2006-06-26 18:49 140,288 --a------ C:\WINDOWS\SYSTEM32\dnsapi(3).dll

2008-02-06 19:06 . 2006-03-01 20:46 83,456 --a------ C:\WINDOWS\SYSTEM32\mtxoci.dll

2008-02-06 19:06 . 2006-03-01 20:46 83,456 --a------ C:\WINDOWS\SYSTEM32\mtxoci(3).dll

2008-02-06 19:06 . 2006-03-01 20:46 64,512 --a------ C:\WINDOWS\SYSTEM32\mtxclu.dll

2008-02-06 19:06 . 2006-03-01 20:46 64,512 --a------ C:\WINDOWS\SYSTEM32\mtxclu(3).dll

2008-02-06 19:06 . 2006-03-17 01:49 25,600 --------- C:\WINDOWS\SYSTEM32\verclsid.exe

2008-02-06 19:06 . 2006-06-26 18:49 6,144 --a------ C:\WINDOWS\SYSTEM32\rasadhlp(3).dll

2008-02-06 18:54 . 2008-02-07 01:37 <DIR> d-------- C:\WINDOWS\$hf_mig$

2008-02-06 18:50 . 2004-07-01 23:10 360,448 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgr.dll

2008-02-06 18:50 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll

2008-02-06 18:50 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp(2).dll

2008-02-06 18:50 . 2004-07-01 23:10 331,776 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winhttp.dll

2008-02-06 18:50 . 2004-07-01 23:10 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll

2008-02-06 18:50 . 2004-07-01 23:10 17,408 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgrprxy.dll

2008-02-06 18:50 . 2004-07-01 23:10 7,680 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx2.dll

2008-02-06 18:50 . 2004-07-01 23:10 7,680 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll

2008-02-06 18:50 . 2004-07-01 23:10 7,168 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx3.dll

2008-02-06 18:50 . 2004-07-01 23:10 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll

2008-02-06 18:46 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\CCleaner

2008-02-06 15:58 . 2008-02-07 13:56 64,756 --a------ C:\WINDOWS\SYSTEM32\DVCState-{00000001-00000000-00000004-00001102-00000005-00231102}.rfx

2008-02-06 15:58 . 2008-02-07 13:56 54,928 --a------ C:\WINDOWS\SYSTEM32\BMXStateBkp-{00000001-00000000-00000004-00001102-00000005-00231102}.rfx

2008-02-06 15:58 . 2008-02-07 13:56 54,928 --a------ C:\WINDOWS\SYSTEM32\BMXState-{00000001-00000000-00000004-00001102-00000005-00231102}.rfx

2008-02-06 15:56 . 2001-09-06 21:27 22,016 --a------ C:\WINDOWS\SYSTEM32\wdmaud(3).drv

2008-02-06 15:45 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\SYSTEM32\quartz(2).dll

2008-02-06 15:45 . 2003-05-30 09:00 797,184 --a------ C:\WINDOWS\SYSTEM32\d3dim700(2).dll

2008-02-06 15:45 . 2002-12-12 00:14 355,328 --a------ C:\WINDOWS\SYSTEM32\dsound(2).dll

2008-02-06 15:45 . 2002-12-12 00:14 284,160 --a------ C:\WINDOWS\SYSTEM32\ddraw(2).dll

2008-02-06 15:45 . 2003-05-30 09:00 132,608 --a------ C:\WINDOWS\SYSTEM32\devenum(2).dll

2008-02-06 15:45 . 2003-03-24 09:00 68,096 --a------ C:\WINDOWS\SYSTEM32\dpnhupnp(2).dll

2008-02-06 15:45 . 2002-12-12 00:14 13,312 --a------ C:\WINDOWS\SYSTEM32\msdmo(2).dll

2008-02-05 23:53 . 2008-02-05 23:53 29 --a------ C:\WINDOWS\sfbm.INI

2008-02-05 22:22 . 2008-02-05 22:22 1,374 --a------ C:\WINDOWS\SYSTEM32\wpa.bak

2008-02-05 21:25 . 2003-10-02 14:17 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll

2008-02-05 17:00 . 2003-07-23 21:58 150,016 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winzm.ime

2008-02-05 17:00 . 2003-07-23 21:58 150,016 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winsp.ime

2008-02-05 16:58 . 2003-07-23 21:57 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll

2008-02-05 16:57 . 2003-07-23 21:57 10,096,640 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxcht.dll

2008-02-05 16:56 . 2003-07-23 22:04 1,293,824 --a------ C:\WINDOWS\SYSTEM32\dsound3d.dll

2008-02-05 16:55 . 2003-07-23 22:02 561,152 --a------ C:\WINDOWS\SYSTEM32\crypt32.dll

2008-02-05 16:55 . 2003-07-23 22:02 561,152 --a------ C:\WINDOWS\SYSTEM32\crypt32(3).dll

2008-02-05 16:54 . 2003-07-23 22:33 318,976 --a------ C:\WINDOWS\SYSTEM32\zipfldr.dll

2008-02-05 16:52 . 2003-07-23 22:22 129,536 --a------ C:\WINDOWS\SYSTEM32\shmedia.dll

2008-02-05 16:51 . 2003-07-23 22:17 1,635,840 --a------ C:\WINDOWS\SYSTEM32\netshell.dll

2008-02-05 16:51 . 2003-07-23 22:17 1,635,840 --a------ C:\WINDOWS\SYSTEM32\netshell(3).dll

2008-02-05 16:51 . 2003-07-23 22:24 264,704 --a------ C:\WINDOWS\SYSTEM32\wzcsvc.dll

2008-02-05 16:51 . 2003-07-23 22:24 264,704 --a------ C:\WINDOWS\SYSTEM32\wzcsvc(3).dll

2008-02-05 16:51 . 2003-07-23 22:16 167,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys

2008-02-05 16:51 . 2003-07-23 22:31 57,344 --a------ C:\WINDOWS\SYSTEM32\wzcdlg.dll

2008-02-05 16:51 . 2003-07-23 22:24 23,552 --a------ C:\WINDOWS\SYSTEM32\wzcsapi.dll

2008-02-05 16:51 . 2003-07-23 22:24 12,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys

2008-02-05 16:49 . 2006-07-14 16:37 519,168 --a------ C:\WINDOWS\SYSTEM32\hhctrl.ocx

2008-02-05 16:49 . 2005-05-27 03:04 143,872 --a------ C:\WINDOWS\SYSTEM32\itircl.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-07 12:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-07 12:42 90,112 ----a-w C:\WINDOWS\UpdReg.EXE

2008-02-07 12:13 --------- d-----w C:\Program Files\Norton AntiVirus

2008-02-07 12:13 --------- d-----w C:\Program Files\MSN Messenger

2008-02-07 11:44 --------- d-----w C:\Program Files\Common Files\SchijfBewaker

2008-02-07 04:57 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-02-07 01:58 --------- d-----w C:\Program Files\Notepad++

2008-02-07 01:58 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\Notepad++

2008-02-06 23:27 --------- d-----w C:\Program Files\Creative

2008-02-05 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative

2008-02-05 03:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-05 03:42 --------- d-----w C:\Program Files\Atari

2008-02-05 03:40 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\Atari

2008-02-04 22:34 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\uTorrent

2007-12-23 14:28 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\Raptisoft

2007-12-21 21:37 --------- d-----w C:\Program Files\SchijfBewaker

2007-12-20 18:23 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\schijfbewaker

2007-12-20 18:18 --------- d-----r C:\Documents and Settings\All Users\Application Data\schijfbewaker

2007-12-20 18:18 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon

2007-12-20 18:14 257,552 ----a-w C:\Documents and Settings\Di-Angelo\Application Data\setup_nl[1].exe

2007-12-18 17:24 --------- d-----w C:\Program Files\Macrogaming

2007-12-15 20:30 --------- d-----w C:\Program Files\VirtualDJ

2007-12-15 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2007-12-15 13:45 --------- d-----w C:\Program Files\Netlog 24

2007-12-15 13:44 --------- d-----w C:\Program Files\Windows Live

2007-07-02 17:21 745,694 ----a-w C:\Program Files\SFX_Machine_Pro_1.10.exe

2007-06-18 11:49 17,874,288 ----a-w C:\Program Files\Install_Messenger.exe

2005-04-09 16:10 2,204 ----a-w C:\Program Files\unins000.dat

2003-06-16 13:23 131,072 -c--a-w C:\Program Files\T2DXi.dll

2003-06-16 13:17 4,317,184 ----a-w C:\Program Files\Triangle II.dll

2003-06-03 10:33 90,112 ----a-w C:\Program Files\Triangle II.exe

2002-12-17 01:00 82,253 ----a-w C:\Program Files\unins000.exe

2004-01-23 00:57 32 --sha-w C:\WINDOWS\{E64CC7F2-30BC-41F9-AE18-42A7D6B141F7}.dat

2004-01-23 00:57 32 --sha-w C:\WINDOWS\SYSTEM32\{FF3EBA0E-B375-40B2-9329-EF200E0D6781}.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FD7F26F-FF98-4AC2-95F0-2D2AA6F6EAA2}]

2007-12-27 17:30 314752 --a------ C:\WINDOWS\System32\vtuts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

2007-12-27 17:25 24288 --a------ C:\WINDOWS\system32\mljighe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-07-23 22:02 13312]

"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [2008-02-07 00:54 1380352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 14:37 155648]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 14:19 118784]

"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01 155648]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47 204800]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-12-06 10:28 54496]

"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-12-06 10:29 58592]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-02-07 13:22 200069]

"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]

"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]

"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\SYSTEM32\CtHelper.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\SYSTEM32\Ctxfihlp.exe]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-02-07 13:42 90112]

"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-12-04 12:34 406016]

"U.S. Robotics Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY" [ ]

"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 04:08 99840]

"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]

"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-07-23 22:02 13312]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\mljighe.dll [2007-12-27 17:25 24288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljighe]

mljighe.dll 2007-12-27 17:25 24288 C:\WINDOWS\SYSTEM32\mljighe.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\vtuts.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MA003DMN.LNK]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MA003DMN.LNK

backup=C:\WINDOWS\pss\MA003DMN.LNKCommon Startup

R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\System32\DRIVERS\cledx.sys [2005-05-09 19:08]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\System32\drivers\ha20x2k.sys [2006-12-19 08:36]

S2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2003-07-23 22:25]

S3 autorun;autorun;c:\huadio.tmp [2004-05-10 18:14]

S3 CCCP106;TRUST 120 SPACEC@M;C:\WINDOWS\System32\DRIVERS\cccp106.sys [2003-04-09 10:17]

S3 ma763003;M-Audio Audiophile;C:\WINDOWS\System32\drivers\MA763003.sys [2005-11-12 15:31]

S3 MADFU003;MADFU003;C:\WINDOWS\System32\DRIVERS\MADFU003.sys [2005-11-12 15:31]

S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-09-07 15:42]

S3 RD1009;EDIROL UM-1 USB Driver;C:\WINDOWS\System32\Drivers\rdwm1009.sys [2001-07-23 12:59]

S3 RDID1020;EDIROL UM-550;C:\WINDOWS\System32\Drivers\rdwm1020.sys [2002-02-20 10:24]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-05 00:43]

S3 USBNP4X4;M-Audio Audiophile USB Midi;C:\WINDOWS\System32\drivers\usbnp4x4.sys [2005-11-12 15:31]

.

Inhoud van de 'Gedeelde Taken' map

"2008-02-04 23:43:34 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2008\OneClick.exe

"2008-02-06 23:02:02 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 08:02:12 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 09:01:00 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 10:01:05 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 11:02:10 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 12:01:01 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 13:00:00 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-05 16:03:33 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-06 15:01:57 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-06 16:01:02 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-06 17:01:01 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 00:01:01 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-06 18:01:01 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-06 19:01:02 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-06 20:01:02 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-06 21:02:14 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-06 22:46:15 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 01:02:03 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 02:02:14 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 03:02:13 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 04:01:00 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 05:01:00 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-07 06:01:00 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-02-05 16:03:33 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\System32\i5N7jA13.exe

"2008-01-18 19:13:49 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job"

- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca

"2004-04-18 14:18:54 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-07 13:59:11

Windows 5.1.2600 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\mljighe.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]

-> C:\WINDOWS\System32\vtuts.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]

-> C:\WINDOWS\System32\vtuts.dll

-> C:\WINDOWS\system32\mljighe.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\System32\WLTRAY.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\Program Files\Messenger\msmsgs.exe

.

**************************************************************************

.

Voltooingstijd: 2008-02-07 14:04:03 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-07 13:03:56

ComboFix2.txt 2008-02-06 18:37:09

.

2008-02-07 00:38:37 --- E O F ---


Download VundoFix.exe to your desktop.

- Double-click VundoFix.exe to start it.
- Click the Scan for Vundo button.
- Once the scan is finished, click the Remove Vundo button.
- You will be asked whether you want the files removed; click YES.
- After you click Yes, the icons on your desktop will disappear while Vundo is being removed.
- When it is finished, you will get a message that it will shut down your PC; click OK.
- Restart your PC.
- Post the contents of C:\vundofix.txt in a later reply.

Note: it is possible that VundoFix finds a file that cannot be removed.

In that case VundoFix will start again after your PC restarts. You then have to repeat the instructions above starting from: "Click Scan for Vundo."

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

C:\Program Files\Common Files\SchijfBewaker\strpmon.exe

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com

O4 - HKLM\..\Run: [540585bb] rundll32.exe "C:\WINDOWS\System32\aqsaiagw.dll",b

Klik op 'Fix checked' om de items te verwijderen.

Delete the following folders (shown in bold, if still present):

C:\Program Files\Common Files\SchijfBewaker

C:\Program Files\themexp

Open Notepad and paste the bold text into the empty window:

File::

C:\WINDOWS\SYSTEM32\mljighe.dll

C:\WINDOWS\imsins.BAK

C:\WINDOWS\System32\vtuts.dll

C:\WINDOWS\Tasks\1-Click Maintenance.job"

C:\WINDOWS\Tasks\At1.job"

C:\WINDOWS\Tasks\At10.job"

C:\WINDOWS\Tasks\At11.job"

C:\WINDOWS\Tasks\At12.job"

C:\WINDOWS\Tasks\At13.job"

C:\WINDOWS\Tasks\At14.job"

C:\WINDOWS\Tasks\At15.job"

C:\WINDOWS\Tasks\At16.job"

C:\WINDOWS\Tasks\At17.job"

C:\WINDOWS\Tasks\At18.job"

C:\WINDOWS\Tasks\At19.job"

C:\WINDOWS\Tasks\At2.job"

C:\WINDOWS\Tasks\At20.job"

C:\WINDOWS\Tasks\At21.job"

C:\WINDOWS\Tasks\At22.job"

C:\WINDOWS\Tasks\At23.job"

C:\WINDOWS\Tasks\At24.job"

C:\WINDOWS\Tasks\At3.job"

C:\WINDOWS\Tasks\At4.job"

C:\WINDOWS\Tasks\At5.job"

C:\WINDOWS\Tasks\At6.job"

C:\WINDOWS\Tasks\At7.job"

C:\WINDOWS\Tasks\At8.job"

C:\WINDOWS\Tasks\At9.job"

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FD7F26F-FF98-4AC2-95F0-2D2AA6F6EAA2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljighe]

Save this as a text file named CFScript.txt. Then drag that file onto ComboFix. This will start ComboFix again. After your computer has restarted (if you are asked to restart it), copy and paste the contents of Combofix.txt in your next post, together with a new HijackThis log and the VundoFix log. And in that next post also say whether there are still any noticeable problems.


- Everything was done as requested; only this step I could not carry out, because these entries were no longer listed:

Start HijackThis and choose 'Do a system scan only'. Tick only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\Program Files\Common Files\SchijfBewaker\strpmon.exe

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com

O4 - HKLM\..\Run: [540585bb] rundll32.exe "C:\WINDOWS\System32\aqsaiagw.dll",b

Click 'Fix checked' to remove the items.

VundoFix log :

VundoFix V6.7.8

Checking Java version...

Scan started at 15:15:35 7/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\mljighe.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljighe.dll

C:\WINDOWS\system32\mljighe.dll Could not be deleted.

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljighe.dll

C:\WINDOWS\system32\mljighe.dll Has been deleted!

Performing Repairs to the registry.

Done!

HJT log :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:11:52, on 7/02/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\CTXFIHLP.EXE

C:\WINDOWS\System32\WLTRAY.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [u.S. Robotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY

O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202341215924

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: mljighe - C:\WINDOWS\

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 6212 bytes

ComboFix log :

ComboFix 08-02.05.3 - Di-Angelo 2008-02-07 16:59:32.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1043.18.444 [GMT 1:00]

Started from: C:\Documents and Settings\Di-Angelo\Bureaublad\ComboFix.exe

Command switches used :: \\Lorent\share\CFScript.txt

* New restore point was created

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

FILE

C:\WINDOWS\imsins.BAK

C:\WINDOWS\SYSTEM32\mljighe.dll

C:\WINDOWS\System32\vtuts.dll

C:\WINDOWS\Tasks\1-Click Maintenance.job"

C:\WINDOWS\Tasks\At1.job"

C:\WINDOWS\Tasks\At10.job"

C:\WINDOWS\Tasks\At11.job"

C:\WINDOWS\Tasks\At12.job"

C:\WINDOWS\Tasks\At13.job"

C:\WINDOWS\Tasks\At14.job"

C:\WINDOWS\Tasks\At15.job"

C:\WINDOWS\Tasks\At16.job"

C:\WINDOWS\Tasks\At17.job"

C:\WINDOWS\Tasks\At18.job"

C:\WINDOWS\Tasks\At19.job"

C:\WINDOWS\Tasks\At2.job"

C:\WINDOWS\Tasks\At20.job"

C:\WINDOWS\Tasks\At21.job"

C:\WINDOWS\Tasks\At22.job"

C:\WINDOWS\Tasks\At23.job"

C:\WINDOWS\Tasks\At24.job"

C:\WINDOWS\Tasks\At3.job"

C:\WINDOWS\Tasks\At4.job"

C:\WINDOWS\Tasks\At5.job"

C:\WINDOWS\Tasks\At6.job"

C:\WINDOWS\Tasks\At7.job"

C:\WINDOWS\Tasks\At8.job"

C:\WINDOWS\Tasks\At9.job"

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\System32\vtuts.dll

C:\WINDOWS\imsins.BAK

C:\WINDOWS\SYSTEM32\stutv.ini

C:\WINDOWS\SYSTEM32\stutv.ini2

C:\WINDOWS\System32\vtuts.dll

C:\WINDOWS\Tasks\1-Click Maintenance.job

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

.

(((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))

.

2008-02-07 15:15 . 2008-02-07 16:45 <DIR> d-------- C:\VundoFix Backups

2008-02-07 13:49 . 2003-07-23 22:01 386,560 --a------ C:\kmd.exe

2008-02-07 12:02 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS

2008-02-07 12:01 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lssmftbltxie.sys

2008-02-07 11:47 . 2008-02-07 13:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan

2008-02-07 11:47 . 2008-02-07 11:47 <DIR> d-------- C:\WINDOWS\LastGood

2008-02-07 11:47 . 2008-02-07 11:47 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico

2008-02-07 11:47 . 2008-02-07 11:48 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico

2008-02-07 11:47 . 2008-02-07 11:47 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico

2008-02-07 03:28 . 2008-02-07 17:03 1,080 --a------ C:\WINDOWS\SYSTEM32\settingsbkup.sfm

2008-02-07 03:28 . 2008-02-07 17:03 1,080 --a------ C:\WINDOWS\SYSTEM32\settings.sfm

2008-02-07 03:16 . 2008-02-07 03:17 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-02-07 03:16 . 2002-08-29 02:01 134,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys

2008-02-07 03:16 . 2002-08-29 02:01 134,272 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\portcls.sys

2008-02-07 03:16 . 2002-08-29 01:32 57,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys

2008-02-07 03:16 . 2002-08-29 01:32 57,856 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\drmk.sys

2008-02-07 03:16 . 2001-09-06 21:27 22,016 --a------ C:\WINDOWS\SYSTEM32\wdmaud.drv

2008-02-07 02:55 . 2008-02-07 02:55 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-07 00:46 . 2005-06-28 08:21 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe

2008-02-07 00:45 . 2008-02-07 00:45 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits

2008-02-07 00:41 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl

2008-02-07 00:25 . 2008-02-07 16:49 <DIR> dr-h----- C:\Documents and Settings\Di-Angelo\Onlangs geopend

2008-02-06 22:30 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002326_.tmp

2008-02-06 22:28 . 2003-07-23 22:22 6,788 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\secupd.sig

2008-02-06 22:28 . 2003-07-23 22:22 4,573 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\secupd.dat

2008-02-06 22:27 . 2003-07-23 22:08 766,934 --a------ C:\WINDOWS\SYSTEM32\instcat.sql

2008-02-06 22:27 . 2003-07-23 22:13 294,912 --a------ C:\WINDOWS\SYSTEM32\msaud32.acm

2008-02-06 22:27 . 2003-07-23 22:10 290,816 --a------ C:\WINDOWS\SYSTEM32\l3codeca.acm

2008-02-06 22:27 . 2003-07-23 22:01 24,576 --a------ C:\WINDOWS\SYSTEM32\cliconfg.rll

2008-02-06 22:27 . 2003-07-23 22:08 14,848 --a------ C:\WINDOWS\SYSTEM32\imaadp32.acm

2008-02-06 22:27 . 2003-07-23 22:13 13,312 --a------ C:\WINDOWS\SYSTEM32\msadp32.acm

2008-02-06 22:27 . 2003-07-23 22:03 1,740 --a------ C:\WINDOWS\SYSTEM32\dcache.bin

2008-02-06 22:26 . 2003-07-23 22:18 235,296 --a------ C:\ntldr

2008-02-06 22:26 . 2003-07-23 22:10 209,010 --a------ C:\WINDOWS\SYSTEM32\locale.nls

2008-02-06 22:26 . 2003-07-23 22:24 98,304 --a------ C:\WINDOWS\SYSTEM32\sqlsrv32.rll

2008-02-06 22:26 . 2003-07-23 22:23 86,016 --a------ C:\WINDOWS\SYSTEM32\sl_anet.acm

2008-02-06 22:26 . 2003-07-23 22:24 21,116 --a------ C:\WINDOWS\SYSTEM32\sorttbls.nls

2008-02-06 20:41 . 2004-03-30 02:51 253,952 --a------ C:\WINDOWS\SYSTEM32\h323(3).tsp

2008-02-06 20:40 . 2004-03-30 02:51 440,832 --a------ C:\WINDOWS\SYSTEM32\ipnathlp(3).dll

2008-02-06 20:40 . 2004-03-30 02:51 306,176 --a------ C:\WINDOWS\SYSTEM32\netapi32(3).dll

2008-02-06 19:11 . 2006-09-13 06:10 1,110,528 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll

2008-02-06 19:10 . 2005-06-17 23:27 1,018,368 --a------ C:\WINDOWS\SYSTEM32\BROWSEUI(2).DLL

2008-02-06 19:10 . 2006-06-23 12:29 580,096 --a------ C:\WINDOWS\SYSTEM32\WININET.DLL

2008-02-06 19:10 . 2006-06-23 12:29 580,096 --a------ C:\WINDOWS\SYSTEM32\WININET(3).DLL

2008-02-06 19:10 . 2006-08-31 06:57 463,360 --a------ C:\WINDOWS\SYSTEM32\URLMON(3).DLL

2008-02-06 19:08 . 2005-07-26 05:39 1,190,400 --a------ C:\WINDOWS\SYSTEM32\ole32.dll

2008-02-06 19:07 . 2004-10-28 02:31 687,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll

2008-02-06 19:06 . 2006-03-17 06:07 8,398,848 --a------ C:\WINDOWS\SYSTEM32\shell32(3).dll

2008-02-06 19:06 . 2006-06-26 18:49 140,288 --a------ C:\WINDOWS\SYSTEM32\dnsapi(3).dll

2008-02-06 19:06 . 2006-03-01 20:46 83,456 --a------ C:\WINDOWS\SYSTEM32\mtxoci.dll

2008-02-06 19:06 . 2006-03-01 20:46 83,456 --a------ C:\WINDOWS\SYSTEM32\mtxoci(3).dll

2008-02-06 19:06 . 2006-03-01 20:46 64,512 --a------ C:\WINDOWS\SYSTEM32\mtxclu.dll

2008-02-06 19:06 . 2006-03-01 20:46 64,512 --a------ C:\WINDOWS\SYSTEM32\mtxclu(3).dll

2008-02-06 19:06 . 2006-03-17 01:49 25,600 --------- C:\WINDOWS\SYSTEM32\verclsid.exe

2008-02-06 19:06 . 2006-06-26 18:49 6,144 --a------ C:\WINDOWS\SYSTEM32\rasadhlp(3).dll

2008-02-06 18:54 . 2008-02-07 01:37 <DIR> d-------- C:\WINDOWS\$hf_mig$

2008-02-06 18:50 . 2004-07-01 23:10 360,448 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgr.dll

2008-02-06 18:50 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll

2008-02-06 18:50 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp(2).dll

2008-02-06 18:50 . 2004-07-01 23:10 331,776 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winhttp.dll

2008-02-06 18:50 . 2004-07-01 23:10 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll

2008-02-06 18:50 . 2004-07-01 23:10 17,408 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgrprxy.dll

2008-02-06 18:50 . 2004-07-01 23:10 7,680 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx2.dll

2008-02-06 18:50 . 2004-07-01 23:10 7,680 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll

2008-02-06 18:50 . 2004-07-01 23:10 7,168 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx3.dll

2008-02-06 18:50 . 2004-07-01 23:10 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll

2008-02-06 18:46 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\CCleaner

2008-02-06 15:58 . 2008-02-07 17:03 64,756 --a------ C:\WINDOWS\SYSTEM32\DVCState-{00000001-00000000-00000004-00001102-00000005-00231102}.rfx

2008-02-06 15:58 . 2008-02-07 17:03 54,928 --a------ C:\WINDOWS\SYSTEM32\BMXStateBkp-{00000001-00000000-00000004-00001102-00000005-00231102}.rfx

2008-02-06 15:58 . 2008-02-07 17:03 54,928 --a------ C:\WINDOWS\SYSTEM32\BMXState-{00000001-00000000-00000004-00001102-00000005-00231102}.rfx

2008-02-06 15:56 . 2001-09-06 21:27 22,016 --a------ C:\WINDOWS\SYSTEM32\wdmaud(3).drv

2008-02-06 15:45 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\SYSTEM32\quartz(2).dll

2008-02-06 15:45 . 2003-05-30 09:00 797,184 --a------ C:\WINDOWS\SYSTEM32\d3dim700(2).dll

2008-02-06 15:45 . 2002-12-12 00:14 355,328 --a------ C:\WINDOWS\SYSTEM32\dsound(2).dll

2008-02-06 15:45 . 2002-12-12 00:14 284,160 --a------ C:\WINDOWS\SYSTEM32\ddraw(2).dll

2008-02-06 15:45 . 2003-05-30 09:00 132,608 --a------ C:\WINDOWS\SYSTEM32\devenum(2).dll

2008-02-06 15:45 . 2003-03-24 09:00 68,096 --a------ C:\WINDOWS\SYSTEM32\dpnhupnp(2).dll

2008-02-06 15:45 . 2002-12-12 00:14 13,312 --a------ C:\WINDOWS\SYSTEM32\msdmo(2).dll

2008-02-05 23:53 . 2008-02-05 23:53 29 --a------ C:\WINDOWS\sfbm.INI

2008-02-05 22:22 . 2008-02-05 22:22 1,374 --a------ C:\WINDOWS\SYSTEM32\wpa.bak

2008-02-05 21:25 . 2003-10-02 14:17 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll

2008-02-05 17:00 . 2003-07-23 21:58 150,016 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winzm.ime

2008-02-05 17:00 . 2003-07-23 21:58 150,016 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winsp.ime

2008-02-05 16:58 . 2003-07-23 21:57 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll

2008-02-05 16:57 . 2003-07-23 21:57 10,096,640 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxcht.dll

2008-02-05 16:56 . 2003-07-23 22:04 1,293,824 --a------ C:\WINDOWS\SYSTEM32\dsound3d.dll

2008-02-05 16:55 . 2003-07-23 22:02 561,152 --a------ C:\WINDOWS\SYSTEM32\crypt32.dll

2008-02-05 16:55 . 2003-07-23 22:02 561,152 --a------ C:\WINDOWS\SYSTEM32\crypt32(3).dll

2008-02-05 16:54 . 2003-07-23 22:33 318,976 --a------ C:\WINDOWS\SYSTEM32\zipfldr.dll

2008-02-05 16:52 . 2003-07-23 22:22 129,536 --a------ C:\WINDOWS\SYSTEM32\shmedia.dll

2008-02-05 16:51 . 2003-07-23 22:17 1,635,840 --a------ C:\WINDOWS\SYSTEM32\netshell.dll

2008-02-05 16:51 . 2003-07-23 22:17 1,635,840 --a------ C:\WINDOWS\SYSTEM32\netshell(3).dll

2008-02-05 16:51 . 2003-07-23 22:24 264,704 --a------ C:\WINDOWS\SYSTEM32\wzcsvc.dll

2008-02-05 16:51 . 2003-07-23 22:24 264,704 --a------ C:\WINDOWS\SYSTEM32\wzcsvc(3).dll

2008-02-05 16:51 . 2003-07-23 22:16 167,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys

2008-02-05 16:51 . 2003-07-23 22:31 57,344 --a------ C:\WINDOWS\SYSTEM32\wzcdlg.dll

2008-02-05 16:51 . 2003-07-23 22:24 23,552 --a------ C:\WINDOWS\SYSTEM32\wzcsapi.dll

2008-02-05 16:51 . 2003-07-23 22:24 12,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys

2008-02-05 16:49 . 2006-07-14 16:37 519,168 --a------ C:\WINDOWS\SYSTEM32\hhctrl.ocx

2008-02-05 16:49 . 2005-05-27 03:04 143,872 --a------ C:\WINDOWS\SYSTEM32\itircl.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-07 16:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-07 12:42 90,112 ----a-w C:\WINDOWS\UpdReg.EXE

2008-02-07 12:13 --------- d-----w C:\Program Files\Norton AntiVirus

2008-02-07 12:13 --------- d-----w C:\Program Files\MSN Messenger

2008-02-07 04:57 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-02-07 01:58 --------- d-----w C:\Program Files\Notepad++

2008-02-07 01:58 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\Notepad++

2008-02-06 23:27 --------- d-----w C:\Program Files\Creative

2008-02-05 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative

2008-02-05 03:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-05 03:42 --------- d-----w C:\Program Files\Atari

2008-02-05 03:40 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\Atari

2008-02-04 22:34 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\uTorrent

2007-12-23 14:28 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\Raptisoft

2007-12-21 21:37 --------- d-----w C:\Program Files\SchijfBewaker

2007-12-20 18:23 --------- d-----w C:\Documents and Settings\Di-Angelo\Application Data\schijfbewaker

2007-12-20 18:18 --------- d-----r C:\Documents and Settings\All Users\Application Data\schijfbewaker

2007-12-20 18:18 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon

2007-12-20 18:14 257,552 ----a-w C:\Documents and Settings\Di-Angelo\Application Data\setup_nl[1].exe

2007-12-18 17:24 --------- d-----w C:\Program Files\Macrogaming

2007-12-15 20:30 --------- d-----w C:\Program Files\VirtualDJ

2007-12-15 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2007-12-15 13:45 --------- d-----w C:\Program Files\Netlog 24

2007-12-15 13:44 --------- d-----w C:\Program Files\Windows Live

2007-07-02 17:21 745,694 ----a-w C:\Program Files\SFX_Machine_Pro_1.10.exe

2007-06-18 11:49 17,874,288 ----a-w C:\Program Files\Install_Messenger.exe

2005-04-09 16:10 2,204 ----a-w C:\Program Files\unins000.dat

2003-06-16 13:23 131,072 -c--a-w C:\Program Files\T2DXi.dll

2003-06-16 13:17 4,317,184 ----a-w C:\Program Files\Triangle II.dll

2003-06-03 10:33 90,112 ----a-w C:\Program Files\Triangle II.exe

2002-12-17 01:00 82,253 ----a-w C:\Program Files\unins000.exe

2004-01-23 00:57 32 --sha-w C:\WINDOWS\{E64CC7F2-30BC-41F9-AE18-42A7D6B141F7}.dat

2004-01-23 00:57 32 --sha-w C:\WINDOWS\SYSTEM32\{FF3EBA0E-B375-40B2-9329-EF200E0D6781}.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-07-23 22:02 13312]

"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [2008-02-07 00:54 1380352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 14:37 155648]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 14:19 118784]

"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01 155648]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47 204800]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-12-06 10:28 54496]

"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-12-06 10:29 58592]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-02-07 13:22 200069]

"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]

"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]

"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\SYSTEM32\CtHelper.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\SYSTEM32\Ctxfihlp.exe]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-02-07 13:42 90112]

"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-12-04 12:34 406016]

"U.S. Robotics Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY" [ ]

"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 04:08 99840]

"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]

"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-07-23 22:02 13312]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljighe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\vtuts.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MA003DMN.LNK]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MA003DMN.LNK

backup=C:\WINDOWS\pss\MA003DMN.LNKCommon Startup

R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\System32\DRIVERS\cledx.sys [2005-05-09 19:08]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\System32\drivers\ha20x2k.sys [2006-12-19 08:36]

S2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2003-07-23 22:25]

S3 autorun;autorun;c:\huadio.tmp [2004-05-10 18:14]

S3 CCCP106;TRUST 120 SPACEC@M;C:\WINDOWS\System32\DRIVERS\cccp106.sys [2003-04-09 10:17]

S3 ma763003;M-Audio Audiophile;C:\WINDOWS\System32\drivers\MA763003.sys [2005-11-12 15:31]

S3 MADFU003;MADFU003;C:\WINDOWS\System32\DRIVERS\MADFU003.sys [2005-11-12 15:31]

S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-09-07 15:42]

S3 RD1009;EDIROL UM-1 USB Driver;C:\WINDOWS\System32\Drivers\rdwm1009.sys [2001-07-23 12:59]

S3 RDID1020;EDIROL UM-550;C:\WINDOWS\System32\Drivers\rdwm1020.sys [2002-02-20 10:24]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-05 00:43]

S3 USBNP4X4;M-Audio Audiophile USB Midi;C:\WINDOWS\System32\drivers\usbnp4x4.sys [2005-11-12 15:31]

.

Contents of the 'Scheduled Tasks' folder

"2008-01-18 19:13:49 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job"

- C:\PROGRA~1\NORTON~1\NAVW32.exe

"2004-04-18 14:18:54 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-07 17:05:19

Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\System32\WLTRAY.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\Program Files\Messenger\msmsgs.exe

.

**************************************************************************

.

Completion time: 2008-02-07 17:10:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-07 16:10:03

ComboFix2.txt 2008-02-07 13:04:04

ComboFix3.txt 2008-02-06 18:37:09

.

2008-02-07 00:38:37 --- E O F ---

Windows now starts much faster; I notice the difference immediately. It really looks fine already.

There are no other problems anymore, very pleasant. I don't know whether anything else still needs to be done?

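The helper's fix list earlier in the thread (the R0 SearchAssistant entry, the two O4 Run entries, the orphaned O20 Winlogon Notify entry and the File::/Registry:: CFScript) and the `Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\vtuts.dll` line in the ComboFix log above all come down to recognising a few persistence locations by eye. The Python script below is an added example, not part of this thread and not code from HijackThis, VundoFix or ComboFix: it applies those same heuristics to log lines and renders the matches in the File::/Registry:: layout that CFScript.txt uses. The sample lines are constructed from the logs posted in this thread; the rule names, `Finding`, `triage()` and `suggested_cfscript()` are this example's own.

```python
"""Triage of persistence entries in HijackThis / ComboFix log lines.

Added example for this thread; not part of HijackThis, ComboFix or the
helper's instructions. The rule names, the Finding class and the
suggested_cfscript() renderer are this example's own. SAMPLE_LOG is built
from lines that appear in the logs posted in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str     # which heuristic fired
    target: str   # file path or registry key the rule points at
    line: str     # the original log line


# Constructed sample: HijackThis entries plus ComboFix's LSA line from this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\Program Files\Common Files\SchijfBewaker\strpmon.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com
O4 - HKLM\..\Run: [540585bb] rundll32.exe "C:\WINDOWS\System32\aqsaiagw.dll",b
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O20 - Winlogon Notify: mljighe - C:\WINDOWS\
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\vtuts.dll
"""

_R0_SEARCH = re.compile(r"^R0 - .*SearchAssistant\s*=\s*(?P<target>.+)$")
_O4_RUN = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
_LSA_AUTH = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$")
_WINLOGON_NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"


def _first_path(text: str, ext: str) -> str:
    """Return the first drive-letter path ending in .ext (case-insensitive), or ''."""
    m = re.search(r'[A-Za-z]:\\[^",]+?\.' + ext + r"\b", text, re.I)
    return m.group(0) if m else ""


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics below to each line and return the entries worth fixing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # SearchAssistant normally points at a URL or res:// resource, never a local .exe.
        m = _R0_SEARCH.match(line)
        if m and m.group("target").lower().endswith(".exe"):
            findings.append(Finding("search-assistant-exe", m.group("target"), line))
            continue
        m = _O4_RUN.match(line)
        if m:
            cmd = m.group("cmd")
            # Run entries carrying http:// parameters are adware call-home configuration.
            if re.search(r"https?://", cmd, re.I):
                findings.append(Finding("run-url-args", _first_path(cmd, "exe"), line))
            # rundll32.exe loading a DLL out of System32 is the classic Vundo loader.
            elif re.match(r"rundll32(\.exe)?\s", cmd, re.I):
                findings.append(Finding("run-rundll32-dll", _first_path(cmd, "dll"), line))
            continue
        # A Winlogon Notify entry must name a DLL. A bare directory means the DLL is
        # gone but the registration (and winlogon's boot-time load attempt) remains.
        m = _O20_NOTIFY.match(line)
        if m and not m.group("path").lower().endswith(".dll"):
            key = _WINLOGON_NOTIFY_KEY + "\\" + m.group("name")
            findings.append(Finding("winlogon-notify-orphan", key, line))
            continue
        # LSA loads every listed authentication package into lsass.exe at boot;
        # on XP only msv1_0 belongs there. ComboFix separates the packages by spaces.
        m = _LSA_AUTH.match(line)
        if m:
            extra = [p for p in m.group("pkgs").split() if p.lower() != "msv1_0"]
            if extra:
                findings.append(Finding("lsa-auth-package-extra", ";".join(extra), line))
    return findings


def suggested_cfscript(findings: list[Finding]) -> str:
    """Render the findings in the File:: / Registry:: layout CFScript.txt uses."""
    files = [f.target for f in findings if f.target.lower().endswith((".exe", ".dll"))]
    keys = [f.target for f in findings if f.target.upper().startswith("HKEY_")]
    files = list(dict.fromkeys(files))   # keep order, drop duplicates
    keys = list(dict.fromkeys(keys))
    return "\n".join(["File::", *files, "", "Registry::", *["[" + k + "]" for k in keys], ""])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.rule:24} {f.target}")
    print()
    print(suggested_cfscript(found))
```

The two checks worth keeping beyond this thread are the Winlogon Notify and LSA Authentication Packages ones: both registrations load a DLL into winlogon.exe or lsass.exe at boot, before any user logs on, so the DLL is locked while Windows runs and a stale entry keeps showing up as `O20 ... C:\WINDOWS\` after the file itself has been deleted, which is exactly what the HijackThis log above shows for mljighe.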

That sounds good. Just this, then:

Start HijackThis and choose 'Do a system scan only'. Tick only the items listed below:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O20 - Winlogon Notify: mljighe - C:\WINDOWS\

Click 'Fix checked' to remove the items.

And check once more whether this file (in bold) can still be found on your PC: C:\WINDOWS\system32\mljighe.dll


OK, items fixed from HijackThis.

And mljighe.dll can no longer be found in the folder C:\WINDOWS\system32\

I'm now going to restart the computer once more and run another HijackThis scan to see whether everything really stays gone.

And to answer your question: no, I really don't know "Schijfbewaker"; the name itself seems so untrustworthy because it is in Dutch. I'd rather see English titles for programs, more trustworthy, although... lol :laugh:, but nobody installed this program on the computer; files always get in by some roundabout way, as if the computer were a block of cheese with holes in it.

Anyway, a heartfelt thank you already, kape; you've really helped me a long way. Without your help I'd still be moaning, + a 'well-earned' thank you! :biggrin:


If you don't know that "Schijfbewaker", then also delete these folders (in bold):

C:\Program Files\SchijfBewaker

C:\Documents and Settings\Di-Angelo\Application Data\schijfbewaker

C:\Documents and Settings\All Users\Application Data\schijfbewaker

And one more thing: that Messenger Plus! Live. Did you download it with the whole bundle of advertising and so on? Because that is a notable source of spyware. If so, best uninstall it and download it again cleanly, without all the extras.
