Software problem


Guest peter5693

Before you run Combofix, would you first remove these items, so that they are already cleaned up.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [reghostm] C:\Windows\system32\reghostm.exe

Click 'Fix checked' to remove the items.

And then post that Combofix log asap in a following message, because with it we should be able to tackle that Spypal (and possibly other infections).

Link to comment

Guest peter5693

ComboFix 08-03-14.4 - Peter 2008-03-15 19:00:27.1 - NTFSx86

Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1043.18.815 [GMT 1:00]

Gestart vanuit: C:\Users\Peter\Desktop\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system\svchost.exe

C:\Windows\system32\drivers\npf.sys

C:\Windows\system32\packet.dll

C:\Windows\system32\pthreadVC.dll

C:\Windows\system32\wanpacket.dll

C:\Windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\NPF

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-15 18:11 63,551,712 --sha-w C:\Windows\system32\drivers\fidbox.dat

2008-03-15 18:09 853,508 --sha-w C:\Windows\system32\drivers\fidbox.idx

2008-03-15 16:21 --------- d-----w C:\Users\Peter\AppData\Roaming\Azureus

2008-03-15 16:16 --------- d-----w C:\ProgramData\Kaspersky Lab

2008-03-15 15:07 --------- d-----w C:\Program Files\Azureus

2008-03-15 14:46 --------- d-----w C:\Program Files\Trend Micro

2008-03-13 18:31 --------- d-----w C:\Users\Peter\AppData\Roaming\teamspeak2

2008-03-13 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-13 10:50 --------- d-----w C:\Users\Peter\AppData\Roaming\mIRC

2008-03-13 10:44 --------- d-sh--r C:\Program Files\SPSSM

2008-03-13 07:38 --------- d-----w C:\Program Files\HooTech

2008-03-13 02:11 --------- d-----w C:\Program Files\Windows Mail

2008-03-13 02:05 --------- d-----w C:\ProgramData\Microsoft Help

2008-03-12 21:02 --------- d-----w C:\Program Files\Ultime Pack Maps DMW

2008-03-12 08:31 --------- d-----w C:\Program Files\Pcsx2_0.9.4

2008-03-11 14:25 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-03-11 13:55 --------- d-----w C:\Program Files\Flash Slideshow Maker Professional

2008-03-11 12:55 --------- d-----w C:\Program Files\Common Files\iulab

2008-03-11 12:46 --------- d-----w C:\Program Files\Common Files\GC Install

2008-03-11 10:21 --------- d-----w C:\Program Files\CoffeeCup Software

2008-03-10 20:29 --------- d-----w C:\Program Files\WinPcap

2008-03-10 10:58 --------- d-----w C:\Users\Peter\AppData\Roaming\TeamViewer

2008-03-10 10:58 --------- d-----w C:\Program Files\TeamViewer3

2008-03-10 10:53 --------- d-----w C:\Program Files\DynGate

2008-03-05 22:09 91,700 ----a-w C:\Windows\system32\drivers\klin.dat

2008-03-05 22:09 85,860 ----a-w C:\Windows\system32\drivers\klick.dat

2008-03-05 22:08 --------- d-----w C:\Program Files\Kaspersky Lab

2008-03-05 22:06 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files

2008-03-05 18:29 --------- d-----w C:\Users\Peter\AppData\Roaming\phpDesigner 2008

2008-03-05 16:52 --------- d-----w C:\Program Files\phpDesigner 2008

2008-03-01 11:14 --------- d-----w C:\Program Files\SmartFTP Client

2008-03-01 11:11 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files

2008-02-20 20:27 --------- d-----w C:\ProgramData\Messenger Plus!

2008-02-20 15:43 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-02-20 07:37 --------- d-----w C:\ProgramData\ViceVersa PRO 2

2008-02-20 07:37 --------- d-----w C:\Program Files\ViceVersa Pro 2

2008-02-15 20:04 --------- d-----w C:\Users\Peter\AppData\Roaming\TuneUp Software

2008-02-15 20:04 --------- d-----w C:\ProgramData\TuneUp Software

2008-02-15 20:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-02-15 14:52 --------- d-----w C:\Users\Peter\AppData\Roaming\uTorrent

2008-02-15 14:52 --------- d-----w C:\Program Files\DMW Client 3

2008-02-14 06:44 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-14 06:42 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-02-14 06:42 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-02-14 06:42 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-02-14 06:42 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-02-14 06:42 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-02-14 06:42 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-02-14 06:42 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-02-14 06:42 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

2008-02-14 06:39 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-14 06:39 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys

2008-02-14 06:39 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-14 06:39 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-14 06:39 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-14 06:38 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-14 06:38 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-14 06:37 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-14 06:37 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-14 06:37 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-14 06:37 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-14 06:35 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 21:10 --------- d-----w C:\ProgramData\Lavasoft

2008-02-13 21:10 --------- d-----w C:\Program Files\Lavasoft

2008-02-13 11:55 --------- d-----w C:\Users\Peter\AppData\Roaming\InternetCalls

2008-02-13 11:35 --------- d-----w C:\Program Files\DivX

2008-02-10 14:30 --------- d-----r C:\Users\Peter\AppData\Roaming\Brother

2008-02-08 17:35 23,604 ----a-w C:\Windows\system32\drivers\klopp.dat

2008-02-08 10:55 --------- d-----w C:\ProgramData\MumboJumbo

2008-02-07 17:32 --------- d-----w C:\Program Files\Google

2008-02-07 13:03 --------- d-----w C:\ProgramData\Trymedia

2008-02-07 12:54 --------- d-----w C:\Program Files\NetBeans 6.0.1

2008-02-07 12:53 --------- d-----w C:\Program Files\Java

2008-02-02 21:07 --------- d-----w C:\Program Files\TomTom HOME

2008-02-02 21:06 --------- d-----w C:\ProgramData\TomTom

2008-02-02 21:04 --------- d-----w C:\Users\Peter\AppData\Roaming\InstallShield

2008-01-29 16:11 --------- d-----w C:\Program Files\MagicISO

2008-01-29 16:09 --------- d-----w C:\Program Files\FileZilla Client

2008-01-29 15:49 --------- d-----w C:\Users\Peter\AppData\Roaming\GlobalSCAPE

2008-01-26 14:40 --------- d-----w C:\Users\Peter\AppData\Roaming\FileZilla

2008-01-25 10:03 --------- d-----w C:\Program Files\mIRC

2008-01-21 19:27 --------- d-----w C:\Users\Peter\AppData\Roaming\Colasoft MSN Monitor

2008-01-21 19:25 --------- d-----w C:\Program Files\Common Files\Colasoft Shared

2008-01-21 19:06 --------- d-----w C:\Users\Peter\AppData\Roaming\Ufasoft

2008-01-21 19:06 --------- d-----w C:\Program Files\Ufasoft

2008-01-16 11:01 --------- d-----w C:\ProgramData\HHD Software

2008-01-16 11:00 --------- d-----w C:\Program Files\HHD Software

2008-01-16 08:02 --------- d-----w C:\Program Files\Microsoft Games

2007-11-26 10:15 22,328 ----a-w C:\Users\Peter\AppData\Roaming\PnkBstrK.sys

2007-11-21 09:52 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-04 16:17 171448]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-21 02:00 1006264]

"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36 827392]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]

"accrdsub"="c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-03 17:51 293168]

"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 14:52 145184]

"CognizanceTS"="c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 16:12 17920]

"IFXSPMGT"="c:\Windows\system32\ifxspmgt.exe" [2007-05-23 13:04 677408]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 12:14 1183744]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"DmwClient"="C:\Program Files\DMW Client 3\dmwclient.exe" [2008-01-16 13:24 108544]

"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]

"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 10:45 222208]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

"reghostm"="C:\Windows\system32\reghostm.exe" [2007-07-04 22:11 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

DeviceNP.dll 2007-04-30 07:19 49152 C:\Windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

backup=C:\Windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-11-17 12:53 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]

C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaStartUpdate]

C:\Windows\SoftwareDistribution\Datastore\Logs\edb0002.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telemeter 3.0]

--a------ 2007-04-15 23:38 1441792 C:\Program Files\Telemeter 3.0\telemeter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a------ 2007-05-15 16:34 3975848 C:\Program Files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{97DF243A-0664-4BF8-815F-87A4DED74792}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{548C4AF6-7134-43D4-8A4F-27C7CFB3AAF3}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{5BCE461B-B983-4785-A6D1-EAC68130E74C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{CBD8DAFF-33A0-4A27-BF47-E855239719FA}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service

"{941D4900-CA5D-4B89-BDB9-CF30990647ED}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service

"{3E56F6F5-DC5F-4831-B848-D5CE9C44B3E8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{D84922BA-E987-4BF9-BF32-F1400D62E074}D:\\games\\mohaa\\mohaa.exe"= UDP:D:\games\mohaa\mohaa.exe:Medal of Honor Allied Assault

"UDP Query User{51B0DAC0-03D6-44B1-A4E2-BDFF8E321DE6}D:\\games\\mohaa\\mohaa.exe"= TCP:D:\games\mohaa\mohaa.exe:Medal of Honor Allied Assault

"TCP Query User{5C9CCD1D-C9C1-4E13-90E0-34FC7DA46E06}D:\\games\\the all-seeing eye\\eye.exe"= UDP:D:\games\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"UDP Query User{50831D18-6F03-4746-9F4E-0BEF5704FA93}D:\\games\\the all-seeing eye\\eye.exe"= TCP:D:\games\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"{B4FC21FB-BC42-40EE-AC94-4E124F51BCB4}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{E6354C5B-FFAE-46D5-934F-793BC9E384E3}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{6580D0B5-E919-4762-98A0-F35188D88B6D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{67660E12-072C-4C75-A714-AF3E6ED78533}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{EB1F2119-5543-438C-93E1-E7F49105A9E6}C:\\program files\\microsoft office\\office12\\outlook.exe"= UDP:C:\program files\microsoft office\office12\outlook.exe:Microsoft Office Outlook

"UDP Query User{D5542A23-7FB4-47EF-924C-DE7D30D5BD40}C:\\program files\\microsoft office\\office12\\outlook.exe"= TCP:C:\program files\microsoft office\office12\outlook.exe:Microsoft Office Outlook

"{43093D9D-483C-42C3-842D-3B67CF5EACDC}"= UDP:3703:Adobe Version Cue CS3 Server

"{A01D651F-E47D-4519-8805-674852AAC51D}"= UDP:3704:Adobe Version Cue CS3 Server

"{C0244AE3-B37B-49F8-822F-52ECB88B6891}"= UDP:50900:Adobe Version Cue CS3 Server

"{C86AD6D8-4BE0-4B0A-9BF8-F6875AF757C7}"= UDP:50901:Adobe Version Cue CS3 Server

"{B64654FC-10BD-4C5C-93BC-96B8F37FCD5E}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{6259D576-7695-46EE-AD49-48B4F922A6C7}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"TCP Query User{5962E710-7E8C-4032-8286-F6400578BE13}D:\\adobe master\\adobe flash cs3\\flash.exe"= UDP:D:\adobe master\adobe flash cs3\flash.exe:Adobe Flash CS3

"UDP Query User{4E1AEC7F-357D-4C7C-B211-3E60E6F69612}D:\\adobe master\\adobe flash cs3\\flash.exe"= TCP:D:\adobe master\adobe flash cs3\flash.exe:Adobe Flash CS3

"TCP Query User{889AEA5A-60AF-4C98-97B0-35E07CDBF811}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{1DE2502C-C69E-4420-92E6-87E7D93C5770}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{E8029BAB-ED88-457A-85E7-7009C6D0D928}D:\\games\\the all-seeing eye\\eye.exe"= UDP:D:\games\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"UDP Query User{0A6A3DC3-B0B2-47DB-8C5B-5D0D4D3B3667}D:\\games\\the all-seeing eye\\eye.exe"= TCP:D:\games\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"TCP Query User{D25A16F5-6676-4033-8B93-B2EDCA1AAF92}D:\\games\\mohaa\\mohaa.exe"= UDP:D:\games\mohaa\mohaa.exe:Medal of Honor Allied Assault

"UDP Query User{3B5B63B7-A096-4545-A491-A09C06E3A0CB}D:\\games\\mohaa\\mohaa.exe"= TCP:D:\games\mohaa\mohaa.exe:Medal of Honor Allied Assault

"TCP Query User{8A08B476-821E-4F78-A075-0AB53A5DA898}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{0B3B9160-33F7-4EFA-97F9-8D559D38226E}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{FE7BC46B-8E09-423A-AF29-53D6E3F3F3CA}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{FD9A35FA-92E5-442A-B907-D235252B4C48}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{EE343BF5-E16A-4851-B5E2-CE6B5EBFC3D8}D:\\adobe master\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:D:\adobe master\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3

"UDP Query User{D93661F9-230D-455E-B5D6-FDE2ED465BD3}D:\\adobe master\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:D:\adobe master\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3

"TCP Query User{BCA1A99C-FB38-40F1-93E0-2AF2AD33ECBB}D:\\adobe master\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:D:\adobe master\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3

"UDP Query User{1F4B4B7C-602B-4E2D-97F5-8D9C140D41A2}D:\\adobe master\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:D:\adobe master\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3

"TCP Query User{BDD127AD-B09E-42EF-A98C-EEAB45F68DC5}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp

"UDP Query User{FBE6D62F-22E8-4B18-889F-8833ED228A17}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp

"TCP Query User{94BA0DF6-1757-4004-B661-6F135C9E2619}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC

"UDP Query User{A7AEB126-73DC-4568-9949-792C1D6A22A8}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

"TCP Query User{0B9678CB-740D-492D-B57C-6DB61DE2F521}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{C2528783-185E-4B47-B686-7EAE67A68FB5}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{85EE5137-3F5F-402E-B4CB-92D2214185FC}C:\\program files\\team17\\worms armageddon\\wa.exe"= UDP:C:\program files\team17\worms armageddon\wa.exe:Worms Armageddon

"UDP Query User{6D1C0DA8-3DA4-4487-BB34-FA42C368DA5A}C:\\program files\\team17\\worms armageddon\\wa.exe"= TCP:C:\program files\team17\worms armageddon\wa.exe:Worms Armageddon

"{D11451E8-8599-4C4F-ABF9-80E6B2C529F6}"= UDP:C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe:InternetCalls

"{EDBB1A24-228A-4D8E-B644-C3FD48A1F98D}"= TCP:C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe:InternetCalls

"{E4791C62-0CC5-4310-875C-0745F134DD5B}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

"{0831F661-C134-4D91-8572-7F88B2651C73}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

"TCP Query User{834908BF-E9BE-45CE-A458-02455448574F}C:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= UDP:C:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner2008

"UDP Query User{5EB1B257-7367-4E04-A64B-92C37E658E82}C:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= TCP:C:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner2008

"TCP Query User{AF502053-AAD1-405A-A6EC-6CF5DEFF5104}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup

"UDP Query User{993D9878-AFA7-48F3-976A-35AE74EB269E}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 SbAlg;SbAlg;C:\Windows\system32\drivers\SbAlg.sys [2006-10-09 12:31]

R0 SbFsLock;SbFsLock;C:\Windows\system32\drivers\SbFsLock.sys [2007-03-29 15:54]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]

R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-04-18 18:32]

R1 RsvLock;RsvLock;C:\Windows\system32\drivers\RsvLock.sys [2007-04-26 18:23]

R2 accoca;ActivClient Middleware Service;"c:\Program Files\ActivIdentity\ActivClient\accoca.exe" [2007-05-03 17:51]

R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 05:44]

R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 HpFkCryptService;Drive Encryption Service;"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-04-27 09:58]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 02:00]

R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-03-27 10:08]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-13 03:56]

R3 rismc32;RICOH Smart Card Reader;C:\Windows\system32\DRIVERS\rismc32.sys [2006-12-20 00:08]

R3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 10:50]

S3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 09:42]

S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 09:42]

S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 09:42]

S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-04-23 12:13]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\Windows\system32\flcdlock.exe [2007-04-30 07:28]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-11 15:25]

S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [2008-01-17 04:22]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker ASChannel

GPSvcGroup REG_MULTI_SZ GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{297bf4a9-9782-11dc-b18b-0017a4e9d9e0}]

\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d99d5900-ac72-11dc-88fc-0017a4e9d9e0}]

\shell\AutoRun\command - I:\LaunchU3.exe -a

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-15 18:10:56 C:\Windows\Tasks\Easy Onderhoud.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-15 19:11:34

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]

-> C:\Program Files\DMW Client 3\jpglib.dll

-> C:\Program Files\DMW Client 3\gamelauncher.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Windows\System32\LEXBCES.EXE

C:\Windows\System32\LEXPPS.EXE

c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

c:\Program Files\ActivIdentity\ActivClient\acevents.exe

c:\Windows\system32\ifxtcs.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\Windows\system32\IfxPsdSv.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\conime.exe

C:\Windows\SMINST\scheduler.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

c:\Windows\system32\ifxuagui.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

c:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\SPSSM\data\winservm.exe

C:\Program Files\SPSSM\data\usrprocm.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Voltooingstijd: 2008-03-15 19:15:50 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-15 18:15:40

.

2008-03-13 23:10:51 --- E O F ---

Link to comment

Guest peter5693

OK, I was able to remove it. It wasn't listed under Program Files, and it wasn't hidden either, and when I entered the path it did find it. Rather strange, I think.

Thanks for helping me, but you mentioned that there was more spyware on it; can I remove that?

Link to comment

One more thing:

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

C:\Program Files\SPSSM

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

Then, after the restart, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

Also let us know right away if you notice anything anywhere that, in your view, is not working correctly.

Link to comment