
[SOLVED] PC is completely ***** because of a trojan. Really need help ASAP :( :(



I understand everything you're saying, but the laptop isn't doing its thing. Might it be wiser to boot it in safe mode and try again, because this really isn't getting anywhere.
Yep, give that a try.



Nope, this doesn't work either. I also tried downloading ComboFix from other sites, but it won't allow it; on every site it says: this page cannot be displayed. Whereas it does work on the other laptop.


Nasty stuff, this. Try whether you can get a (more or less) alternative to run, to clean up (some of) the junk.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan may take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files it will show a few prompts where you need to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.



I have good news: that malware program wouldn't run either, until I changed the programs' names to my own name. Then it ran. And I thought that might work for ComboFix too, and I was right. I'm now going to carry out the steps intended for ComboFix.


ComboFix 08-05-15.3 - Drago 2008-05-19 18:31:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.357 [GMT 2:00]

Running from: C:\Documents and Settings\Drago\Bureaublad\12345.exe

* Resident AV is active

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\cookies.ini

C:\WINDOWS\default.htm

C:\WINDOWS\explore.exe

C:\WINDOWS\iexplorer.exe

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\buaqlyrx.ini

C:\WINDOWS\system32\clbdll.dll

C:\WINDOWS\system32\clbinit.dll

C:\WINDOWS\system32\cqiaalwa.exe

C:\WINDOWS\system32\drivers\clbdriver.sys

C:\WINDOWS\system32\joohkgjt.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\ruxayGgh.ini

C:\WINDOWS\system32\ruxayGgh.ini2

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CLBDRIVER

(((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))

.

2008-05-19 18:51 . 2008-05-19 18:52 1,918 --a------ C:\WINDOWS\default.htm

2008-05-19 18:31 . 2008-05-19 18:31 <DIR> d-------- C:\quarantine

2008-05-19 18:30 . 2008-05-19 18:30 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-18 19:24 . 2008-05-18 19:24 32,000 --a------ C:\WINDOWS\msupdate.exe

2008-05-18 19:24 . 2008-05-18 19:24 21,504 --a------ C:\WINDOWS\notepad32.exe

2008-05-18 19:24 . 2008-05-18 19:24 20,736 --a------ C:\WINDOWS\svchost32.exe

2008-05-18 19:24 . 2008-05-18 19:24 15,360 --a------ C:\WINDOWS\window.exe

2008-05-18 17:25 . 2008-05-18 17:25 32,000 --a------ C:\WINDOWS\explorer32.exe

2008-05-18 17:25 . 2008-05-18 19:22 22,016 --a------ C:\WINDOWS\internet.exe

2008-05-18 17:25 . 2008-05-18 17:25 18,688 --a------ C:\WINDOWS\loader.exe

2008-05-18 17:25 . 2008-05-18 17:25 12,288 --a------ C:\WINDOWS\x.exe

2008-05-18 17:25 . 2008-05-18 17:25 11,520 --a------ C:\WINDOWS\y.exe

2008-05-18 16:45 . 2008-05-18 16:45 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-18 16:40 . 2008-05-18 17:25 <DIR> d-------- C:\SDFix

2008-05-18 16:33 . 2008-05-18 19:22 30,208 --a------ C:\WINDOWS\msconfd.dll

2008-05-18 16:33 . 2008-05-18 19:22 25,600 --a------ C:\WINDOWS\rundll16.exe

2008-05-18 16:33 . 2008-05-18 19:22 20,992 --a------ C:\WINDOWS\iedll.exe

2008-05-18 16:33 . 2008-05-18 19:22 14,080 --a------ C:\WINDOWS\quicken.exe

2008-05-18 16:33 . 2008-05-18 19:22 11,520 --a------ C:\WINDOWS\mssys.exe

2008-05-18 16:33 . 2008-05-18 19:22 8,704 --a------ C:\WINDOWS\editpad.exe

2008-05-18 14:47 . 2008-05-18 14:47 133,120 --a------ C:\WINDOWS\system32\umvcrvap.dll

2008-05-18 14:46 . 2008-05-18 14:46 117,248 --a------ C:\WINDOWS\system32\xrylqaub.dll

2008-05-18 14:44 . 2008-05-19 17:28 109,807 --a------ C:\WINDOWS\BM47406f4e.xml

2008-05-18 14:43 . 2008-05-18 14:43 124,928 --a------ C:\WINDOWS\system32\mrcotvbj.dll

2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Uniblue

2008-05-18 11:49 . 2008-05-18 11:49 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-18 11:43 . 2008-05-18 11:43 31,232 --a------ C:\WINDOWS\avpcc.dll

2008-05-18 11:43 . 2008-05-18 11:43 28,672 --a------ C:\WINDOWS\sistem.exe

2008-05-18 11:43 . 2008-05-18 11:43 27,136 --a------ C:\WINDOWS\mtwirl32.dll

2008-05-18 11:43 . 2008-05-18 11:43 20,736 --a------ C:\WINDOWS\ctrlpan.dll

2008-05-18 05:26 . 2008-05-18 05:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-05-18 05:07 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-05-18 05:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-05-18 05:07 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-05-18 05:07 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-05-18 05:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-05-18 05:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-18 04:40 . 2008-05-18 17:21 <DIR> d-------- C:\VIRUSfighter

2008-05-18 04:06 . 2008-05-19 18:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-18 03:57 . 2008-04-25 20:50 582 --a------ C:\WINDOWS\win.tmp

2008-05-18 03:57 . 2008-02-18 22:39 231 --a------ C:\WINDOWS\system.tmp

2008-05-18 03:36 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys

2008-05-18 03:36 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys

2008-05-18 03:35 . 2008-05-18 04:03 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Tools

2008-05-18 01:40 . 2008-05-18 01:40 16,128 --a------ C:\WINDOWS\rundll32.vbe

2008-05-18 01:24 . 2008-05-18 01:24 371,712 --a------ C:\WINDOWS\system32\hgGyaxur.dll

2008-05-18 01:20 . 2004-09-02 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

2008-05-18 01:19 . 2008-05-18 01:19 87,513 --a------ C:\WINDOWS\system32\xwusuhzh.exe

2008-05-18 01:19 . 2008-05-18 01:19 4 --a------ C:\WINDOWS\system32\hljwugsf.bin

2008-05-18 01:18 . 2008-05-18 01:18 59,392 --a------ C:\WINDOWS\system32\opnnLBTM.dll

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Suite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-05-14 13:11 . 2008-05-14 13:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-05-14 13:11 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Nokia

2008-05-14 13:11 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-05-14 13:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-05-14 13:10 . 2008-05-14 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-05-13 12:48 . 2008-05-13 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-04-26 09:10 . 2008-04-26 09:10 <DIR> d-------- C:\Program Files\LimeWire

2008-04-26 09:10 . 2008-05-08 06:30 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\LimeWire

2008-04-25 20:00 . 2008-04-25 20:00 <DIR> d-------- C:\Program Files\Microsoft Works

2008-04-25 19:59 . 2008-04-25 19:59 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-04-25 19:55 . 2008-04-25 19:59 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-25 19:55 . 2008-04-25 19:55 <DIR> dr-h----- C:\MSOCache

2008-04-25 19:55 . 2008-05-15 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-04-21 21:46 . 2008-04-21 21:46 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-19 16:45 31,232 ----a-w C:\WINDOWS\explore.exe

2008-05-19 16:45 27,904 ----a-w C:\WINDOWS\iexplorer.exe

2008-05-18 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-17 23:18 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-14 11:11 --------- d-----w C:\Program Files\DIFX

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 13:28 --------- d-----w C:\Program Files\Java

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-19 12:10 --------- d-----w C:\Program Files\Common Files\Java

2008-03-19 11:45 --------- d-----w C:\Documents and Settings\Drago\Application Data\Photodex

2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-19 00:24 87,865 ----a-w C:\WINDOWS\system32\Vxdif.dll

2008-02-19 00:08 21,393 ----a-w C:\WINDOWS\AegisP.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}]

2008-05-18 01:18 59392 --a------ C:\WINDOWS\system32\opnnLBTM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D8F30BE-4625-46CD-9C23-6B099ECF218E}]

2008-05-18 01:24 371712 --a------ C:\WINDOWS\system32\hgGyaxur.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e21b11a-6b5c-4790-a7a1-6d36ab3865c7}]

2008-05-18 14:47 133120 --a------ C:\WINDOWS\system32\umvcrvap.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]

"TFncKy"="TFncKy.exe" []

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848]

"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 13:02 253952]

"000StTHK"="000StTHK.exe" [2001-06-23 05:28 24576 C:\WINDOWS\system32\000StTHK.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-02-19 02:24 196608]

"Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-08-11 16:37 1093712]

"NDSTray.exe"="NDSTray.exe" []

"TPSMain"="TPSMain.exe" [2005-07-06 15:04 266240 C:\WINDOWS\system32\TPSMain.exe]

"TPSODDCtl"="TPSODDCtl.exe" [2005-07-06 15:04 102400 C:\WINDOWS\system32\TPSODDCtl.exe]

"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327]

"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 13:29 102400]

"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]

"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.exe" [ ]

"44735cd2"="C:\WINDOWS\system32\xrylqaub.dll" [2008-05-18 14:46 117248]

"BM47406f4e"="C:\WINDOWS\system32\mrcotvbj.dll" [2008-05-18 14:43 124928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-02-19 00:31:33 65536]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-19 04:59:25 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\WINDOWS\system32\opnnLBTM.dll [2008-05-18 01:18 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\xwusuhzh.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnLBTM]

opnnLBTM.dll 2008-05-18 01:18 59392 C:\WINDOWS\system32\opnnLBTM.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2008-02-18 20:19]

R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-07-11 18:01]

R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]

R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2008-02-19 00:20]

S2 Windows Action Script;Windows Action Script;"C:\WINDOWS\system32\scvhost.exe" []

S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-19 18:50:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\default.htm 1918 bytes

scan completed successfully

hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\opnnLBTM.dll

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\xrylqaub.dll

-> C:\WINDOWS\system32\mrcotvbj.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\VIRUSfighter\Bin\Zanda.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\xwusuhzh.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Apoint2K\ApntEx.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

.

**************************************************************************

.

Completion time: 2008-05-19 18:55:42 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-19 16:55:24

Pre-Run: 58,158,166,016 bytes free

Post-Run: 58,096,209,920 bytes free

297 --- E O F --- 2008-05-16 21:45:13


Brilliant idea ... There's quite a bit of junk in that ComboFix log ... it'll take a while before I come back with the analysis, but it's definitely coming. In the meantime, could you also post that Malwarebytes log.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\msupdate.exe

C:\WINDOWS\notepad32.exe

C:\WINDOWS\svchost32.exe

C:\WINDOWS\window.exe

C:\WINDOWS\explorer32.exe

C:\WINDOWS\internet.exe

C:\WINDOWS\loader.exe

C:\WINDOWS\x.exe

C:\WINDOWS\y.exe

C:\WINDOWS\default.htm

C:\WINDOWS\msconfd.dll

C:\WINDOWS\rundll16.exe

C:\WINDOWS\iedll.exe

C:\WINDOWS\quicken.exe

C:\WINDOWS\mssys.exe

C:\WINDOWS\editpad.exe

C:\WINDOWS\system32\umvcrvap.dll

C:\WINDOWS\system32\xrylqaub.dll

C:\WINDOWS\BM47406f4e.xml

C:\WINDOWS\system32\mrcotvbj.dll

C:\WINDOWS\avpcc.dll

C:\WINDOWS\sistem.exe

C:\WINDOWS\mtwirl32.dll

C:\WINDOWS\ctrlpan.dll

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\win.tmp

C:\WINDOWS\system32\hgGyaxur.dll

C:\WINDOWS\system32\opnnLBTM.dll

C:\WINDOWS\explore.exe

C:\WINDOWS\iexplorer.exe

Folder::

C:\SDFix

C:\VIRUSfighter

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D8F30BE-4625-46CD-9C23-6B099ECF218E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e21b11a-6b5c-4790-a7a1-6d36ab3865c7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnLBTM]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next post together with a new HijackThis log.

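Reading the ComboFix log above by hand is how the helper found the Userinit chain, the Winlogon\Notify hook, the ShellExecuteHooks entry, the BHO DLLs and the random-named files, and the CFScript just posted is how those findings are fed back to ComboFix. What follows is an added example, not part of this thread and not ComboFix's own code, that does the first part mechanically: it walks a constructed excerpt of the posted log, flags the persistence points, and drafts File:: and Registry:: sections in the same layout the helper used. The heuristics, the tag names and the decision of which findings make it into the draft are my assumptions; a person still reviews the draft before use, and what ComboFix does with each Registry:: line is ComboFix's business.

```python
"""Triage a ComboFix log for persistence points and draft a CFScript.

Added example, not part of the thread and not ComboFix's own code. SAMPLE_LOG is a
constructed excerpt of the log posted above. The name checks are heuristics (leads,
not verdicts): an 8-letter OEM binary sitting in system32 will trip them too.
"""
import re
from collections import namedtuple
from typing import List

SAMPLE_LOG = r"""
2008-05-18 19:24 . 2008-05-18 19:24 20,736 --a------ C:\WINDOWS\svchost32.exe
2008-05-19 16:45 31,232 ----a-w C:\WINDOWS\explore.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}]
2008-05-18 01:18 59392 --a------ C:\WINDOWS\system32\opnnLBTM.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944]
"44735cd2"="C:\WINDOWS\system32\xrylqaub.dll" [2008-05-18 14:46 117248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\WINDOWS\system32\opnnLBTM.dll [2008-05-18 01:18 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\xwusuhzh.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnLBTM]
opnnLBTM.dll 2008-05-18 01:18 59392 C:\WINDOWS\system32\opnnLBTM.dll
S2 Windows Action Script;Windows Action Script;"C:\WINDOWS\system32\scvhost.exe" []
"""

PATH = re.compile(r'[A-Za-z]:\\[^\s"\[\],]+')        # one path; stops at quote, comma, bracket
SERVICE = re.compile(r"^[RS]\d\s")                   # R0/S2 ... service lines
SECTION_BREAK = ("(", ".", "*", "-", "PROCESS:")     # lines that close a [registry key] block
KEY_TAGS = {"\\winlogon\\notify\\": "winlogon_notify", "\\shellexecutehooks": "shellexecutehook",
            "browser helper objects": "bho"}
LEGIT = {"svchost", "explorer", "iexplore", "rundll32", "notepad", "userinit", "winlogon"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
ACTIONABLE = {"userinit_chain", "winlogon_notify", "shellexecutehook", "bho", "random_name", "lookalike"}
Finding = namedtuple("Finding", "kind detail path key", defaults=(None, None))  # path -> File::, key -> Registry::

def lookalike_of(stem):
    """Legit binary this stem mimics (svchost32, scvhost, explore ...), else None."""
    s = stem.lower()
    if s in LEGIT:
        return None
    for legit in LEGIT:
        if s.rstrip("0123456789") == legit.rstrip("0123456789"):   # svchost32, rundll16
            return legit
        if sorted(s) == sorted(legit):                              # scvhost
            return legit
        if abs(len(s) - len(legit)) == 1 and (s.startswith(legit) or legit.startswith(s)):
            return legit                                            # explore, iexplorer
    return None

def triage(log: str) -> List[Finding]:
    findings, seen, key = [], set(), None

    def add(kind, detail, path=None, key=None):
        if (kind, path or detail) not in seen:
            seen.add((kind, path or detail))
            findings.append(Finding(kind, detail, path, key))

    for line in (l.strip() for l in log.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                               # [HKEY_...] header opens a block
            if "\\winlogon\\notify\\" in key.lower():
                add("winlogon_notify", key, key=key)
            continue
        if line.startswith(SECTION_BREAK) or SERVICE.match(line):
            key = None                                     # section text or service line: block over
        lk = (key or "").lower()
        paths = [p.replace("\\\\", "\\") for p in PATH.findall(line)]
        if lk.endswith("\\winlogon") and line.lower().startswith('"userinit"'):
            for p in paths:                                # anything chained after userinit.exe
                if not p.lower().endswith("\\userinit.exe"):
                    add("userinit_chain", line, path=p, key=key)
        for needle, tag in KEY_TAGS.items():               # DLLs registered under hook/BHO keys
            for p in (paths if needle in lk else []):
                add(tag, line, path=p, key=key)
        if lk.endswith("\\policies\\system") and line.lower().startswith('"disabletaskmgr"') and " 1 " in line:
            add("taskmgr_disabled", f"{key}: {line}", key=key)   # lead only: key also holds legit values
        for p in paths:                                    # name heuristics on every path seen
            folder, _, name = p.rpartition("\\")
            stem, _, ext = name.rpartition(".")
            if ext.lower() not in ("exe", "dll"):
                continue
            if folder.lower() in SYSTEM_DIRS and len(stem) == 8 and stem.isalpha() and stem.lower() not in LEGIT:
                add("random_name", line, path=p)           # Vundo-style 8-letter name in a system dir
            legit = lookalike_of(stem)
            if legit:
                add("lookalike", f"{p} mimics {legit}", path=p)
    return findings

def build_cfscript(findings: List[Finding]) -> str:
    """File:: / Registry:: sections in the layout the helper posted; leads are left out."""
    act = [f for f in findings if f.kind in ACTIONABLE]
    files = sorted({f.path for f in act if f.path}, key=str.lower)
    keys = sorted({f.key for f in act if f.key}, key=str.lower)
    out = (["File::", *files, ""] if files else []) + (["Registry::", *[f"[{k}]" for k in keys], ""] if keys else [])
    return "\n".join(out)
```

Feed `triage()` the whole ComboFix.txt and print `build_cfscript()` to get the draft. The DisableTaskMgr policy is reported but kept out of the script because the policies\system key also carries legitimate values; the 8-letter and lookalike rules are deliberately loose, so each hit is checked against the file's date and location in the log before it is kept.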

Malwarebytes log:

Malwarebytes' Anti-Malware 1.12

Database version: 768

Scan type: Quick Scan

Objects scanned: 39206

Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 4

Registry Keys Infected: 11

Registry Values Infected: 5

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 10

Memory Processes Infected:

C:\WINDOWS\system32\xwusuhzh.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

C:\WINDOWS\system32\hgGyaxur.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\kjsthmde.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\osxvomqc.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\opnnLBTM.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64c7d42b-30d1-4a81-815d-87b3ade89c67} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{64c7d42b-30d1-4a81-815d-87b3ade89c67} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{36d9cb8d-b8ca-4a85-a879-06a71109f11e} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36d9cb8d-b8ca-4a85-a879-06a71109f11e} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnlbtm (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\44735cd2 (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM47406f4e (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{36d9cb8d-b8ca-4a85-a879-06a71109f11e} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyaxur -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\xwusuhzh.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyaxur -> Delete on reboot.

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

C:\WINDOWS\system32\hgGyaxur.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\ruxayGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ruxayGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kjsthmde.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\edmhtsjk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\osxvomqc.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\cqmovxso.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xwusuhzh.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\suvljmxy.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\opnnLBTM.dll (Trojan.Vundo) -> Delete on reboot.

ComboFix log

ComboFix 08-05-15.3 - Drago 2008-05-19 20:25:33.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.397 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Drago\Bureaublad\12345.exe

Command switches used :: C:\Documents and Settings\Drago\Bureaublad\CFScript.txt..txt

* Nieuw herstelpunt werd aangemaakt

* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\WINDOWS\avpcc.dll

C:\WINDOWS\BM47406f4e.xml

C:\WINDOWS\ctrlpan.dll

C:\WINDOWS\default.htm

C:\WINDOWS\editpad.exe

C:\WINDOWS\explore.exe

C:\WINDOWS\explorer32.exe

C:\WINDOWS\iedll.exe

C:\WINDOWS\iexplorer.exe

C:\WINDOWS\internet.exe

C:\WINDOWS\loader.exe

C:\WINDOWS\msconfd.dll

C:\WINDOWS\mssys.exe

C:\WINDOWS\msupdate.exe

C:\WINDOWS\mtwirl32.dll

C:\WINDOWS\notepad32.exe

C:\WINDOWS\quicken.exe

C:\WINDOWS\rundll16.exe

C:\WINDOWS\sistem.exe

C:\WINDOWS\svchost32.exe

C:\WINDOWS\system32\hgGyaxur.dll

C:\WINDOWS\system32\mrcotvbj.dll

C:\WINDOWS\system32\opnnLBTM.dll

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\umvcrvap.dll

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\xrylqaub.dll

C:\WINDOWS\win.tmp

C:\WINDOWS\window.exe

C:\WINDOWS\x.exe

C:\WINDOWS\y.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\SDFix

C:\SDFix\apps\assosfix.reg

C:\SDFix\apps\cliptext.exe

C:\SDFix\apps\download.exe

C:\SDFix\apps\dummy.sys

C:\SDFix\apps\Enable_Command_Prompt.reg

C:\SDFix\apps\ERDNT.E_E

C:\SDFix\apps\ERDNTDOS.LOC

C:\SDFix\apps\ERDNTWIN.LOC

C:\SDFix\apps\ERUNT.EXE

C:\SDFix\apps\ERUNT.LOC

C:\SDFix\apps\fix.reg

C:\SDFix\apps\FixBH.reg

C:\SDFix\apps\FixComponents.reg

C:\SDFix\apps\FIXCU.reg

C:\SDFix\apps\FIXLM.reg

C:\SDFix\apps\FixPath.exe

C:\SDFix\apps\FixRedir.reg

C:\SDFix\apps\FixSchedule.reg

C:\SDFix\apps\FixWebCheck.reg

C:\SDFix\apps\fixXP.reg

C:\SDFix\apps\FixXPsp2.reg

C:\SDFix\apps\grep.exe

C:\SDFix\apps\HPFix.reg

C:\SDFix\apps\HPFix2.reg

C:\SDFix\apps\HPFix3.reg

C:\SDFix\apps\HPFix4.reg

C:\SDFix\apps\HPFix5.reg

C:\SDFix\apps\HPFix6.reg

C:\SDFix\apps\HPFix7.reg

C:\SDFix\apps\HPFix8.reg

C:\SDFix\apps\isadmin.exe

C:\SDFix\apps\leg2.txt

C:\SDFix\apps\legacy.txt

C:\SDFix\apps\legacybk.txt

C:\SDFix\apps\locate.com

C:\SDFix\apps\LS.exe

C:\SDFix\apps\MD5File.exe

C:\SDFix\apps\MyGcpvFix.reg

C:\SDFix\apps\MyGkFix2.reg

C:\SDFix\apps\Process.exe

C:\SDFix\apps\procs.exe

C:\SDFix\apps\psservice.exe

C:\SDFix\apps\Rem.txt

C:\SDFix\apps\Rem2.txt

C:\SDFix\apps\Replace\regedit.exe

C:\SDFix\apps\Replace\W2K.exe

C:\SDFix\apps\Replace\w2k\beep.sys

C:\SDFix\apps\Replace\w2k\null.sys

C:\SDFix\apps\Replace\XP.exe

C:\SDFix\apps\Replace\xp\beep.sys

C:\SDFix\apps\Replace\xp\null.sys

C:\SDFix\apps\Reset_AppInit_DLLs.reg

C:\SDFix\apps\RestartIt!.exe

C:\SDFix\apps\Restore_SecurityCenter.reg

C:\SDFix\apps\Restore_SharedAccess.reg

C:\SDFix\apps\sc.exe

C:\SDFix\apps\sed.exe

C:\SDFix\apps\SF.exe

C:\SDFix\apps\shutdown.exe

C:\SDFix\apps\srv2.txt

C:\SDFix\apps\srv2bk.txt

C:\SDFix\apps\svc.txt

C:\SDFix\apps\svcbk.txt

C:\SDFix\apps\swreg.exe

C:\SDFix\apps\swsc.exe

C:\SDFix\apps\unzip.exe

C:\SDFix\apps\vfind.exe

C:\SDFix\apps\WINMSG.EXE

C:\SDFix\apps\winsec.reg

C:\SDFix\apps\zip.exe

C:\SDFix\backups\backupreg.zip

C:\SDFix\backups\backups.zip

C:\SDFix\backups\HOSTS

C:\SDFix\catchme.exe

C:\SDFix\dummy.sys

C:\SDFix\Report.txt

C:\SDFix\RunThis.bat

C:\SDFix\SDFIX_ReadMe_Online.url

C:\VIRUSfighter

C:\VIRUSfighter\Bin\Npipe.dll

C:\VIRUSfighter\Bin\NupdEx.dll

C:\VIRUSfighter\Bin\Zanda.exe

C:\WINDOWS\avpcc.dll

C:\WINDOWS\BM47406f4e.xml

C:\WINDOWS\ctrlpan.dll

C:\WINDOWS\default.htm

C:\WINDOWS\editpad.exe

C:\WINDOWS\explore.exe

C:\WINDOWS\explorer32.exe

C:\WINDOWS\iedll.exe

C:\WINDOWS\iexplorer.exe

C:\WINDOWS\internet.exe

C:\WINDOWS\loader.exe

C:\WINDOWS\msconfd.dll

C:\WINDOWS\mssys.exe

C:\WINDOWS\msupdate.exe

C:\WINDOWS\mtwirl32.dll

C:\WINDOWS\notepad32.exe

C:\WINDOWS\pskt.ini

C:\WINDOWS\quicken.exe

C:\WINDOWS\rundll16.exe

C:\WINDOWS\sistem.exe

C:\WINDOWS\svchost32.exe

C:\WINDOWS\system32\hgGyaxur.dll

C:\WINDOWS\system32\mrcotvbj.dll

C:\WINDOWS\system32\opnnLBTM.dll

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\ruxayGgh.ini

C:\WINDOWS\system32\umvcrvap.dll

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\win.tmp

C:\WINDOWS\window.exe

C:\WINDOWS\x.exe

C:\WINDOWS\y.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))

.

2008-05-19 19:48 . 2008-05-19 19:48 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Malwarebytes

2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-19 19:47 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-19 19:47 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-19 19:34 . 2008-05-19 20:14 114,688 --------- C:\WINDOWS\system32\kjsthmde.dll

2008-05-19 19:31 . 2008-05-19 19:31 134,656 --a------ C:\WINDOWS\system32\fcqewsjn.dll

2008-05-19 19:28 . 2008-05-19 19:28 114,688 --a------ C:\WINDOWS\system32\snrxkrrb.dll

2008-05-19 19:25 . 2008-05-19 20:14 124,928 --------- C:\WINDOWS\system32\suvljmxy.dll

2008-05-19 19:25 . 2008-05-19 19:25 2,560 --a------ C:\WINDOWS\system32\mucgvwwn.exe

2008-05-19 19:11 . 2008-05-19 20:14 114,688 --------- C:\WINDOWS\system32\osxvomqc.dll

2008-05-19 19:08 . 2008-05-19 19:08 134,656 --a------ C:\WINDOWS\system32\hjoehvnk.dll

2008-05-19 19:06 . 2008-05-19 19:06 2,560 --a------ C:\WINDOWS\system32\llmanoqj.exe

2008-05-19 19:03 . 2008-05-19 19:03 124,928 --a------ C:\WINDOWS\system32\eugbgtos.dll

2008-05-19 18:52 . 2008-05-19 19:05 414 ---hs---- C:\WINDOWS\system32\buaqlyrx.ini

2008-05-19 18:31 . 2008-05-19 20:25 <DIR> d-------- C:\quarantine

2008-05-19 18:30 . 2008-05-19 18:30 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-18 16:45 . 2008-05-18 16:45 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Uniblue

2008-05-18 11:49 . 2008-05-18 11:49 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-18 05:26 . 2008-05-18 05:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-05-18 05:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-05-18 05:07 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-05-18 05:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-05-18 05:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-18 04:06 . 2008-05-19 20:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-18 03:57 . 2008-05-19 18:50 227 --a------ C:\WINDOWS\system.tmp

2008-05-18 03:36 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys

2008-05-18 03:36 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys

2008-05-18 03:35 . 2008-05-18 04:03 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Tools

2008-05-18 01:40 . 2008-05-18 01:40 16,128 --a------ C:\WINDOWS\rundll32.vbe

2008-05-18 01:20 . 2004-09-02 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

2008-05-18 01:19 . 2008-05-18 01:19 4 --a------ C:\WINDOWS\system32\hljwugsf.bin

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Suite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-05-14 13:11 . 2008-05-14 13:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-05-14 13:11 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Nokia

2008-05-14 13:11 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-05-14 13:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-05-14 13:10 . 2008-05-14 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-05-13 12:48 . 2008-05-13 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-04-26 09:10 . 2008-04-26 09:10 <DIR> d-------- C:\Program Files\LimeWire

2008-04-26 09:10 . 2008-05-08 06:30 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\LimeWire

2008-04-25 20:00 . 2008-04-25 20:00 <DIR> d-------- C:\Program Files\Microsoft Works

2008-04-25 19:59 . 2008-04-25 19:59 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-04-25 19:55 . 2008-04-25 19:59 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-25 19:55 . 2008-04-25 19:55 <DIR> dr-h----- C:\MSOCache

2008-04-25 19:55 . 2008-05-15 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-04-21 21:46 . 2008-04-21 21:46 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-18 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-17 23:18 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-14 11:11 --------- d-----w C:\Program Files\DIFX

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 13:28 --------- d-----w C:\Program Files\Java

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-19 12:10 --------- d-----w C:\Program Files\Common Files\Java

2008-03-19 11:45 --------- d-----w C:\Documents and Settings\Drago\Application Data\Photodex

2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-19 00:24 87,865 ----a-w C:\WINDOWS\system32\Vxdif.dll

2008-02-19 00:08 21,393 ----a-w C:\WINDOWS\AegisP.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8816ebc8-551d-48c5-9239-0d603747ee94}]

2008-05-19 19:31 134656 --a------ C:\WINDOWS\system32\fcqewsjn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]

"TFncKy"="TFncKy.exe" []

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848]

"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 13:02 253952]

"000StTHK"="000StTHK.exe" [2001-06-23 05:28 24576 C:\WINDOWS\system32\000StTHK.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-02-19 02:24 196608]

"Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-08-11 16:37 1093712]

"NDSTray.exe"="NDSTray.exe" []

"TPSMain"="TPSMain.exe" [2005-07-06 15:04 266240 C:\WINDOWS\system32\TPSMain.exe]

"TPSODDCtl"="TPSODDCtl.exe" [2005-07-06 15:04 102400 C:\WINDOWS\system32\TPSODDCtl.exe]

"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327]

"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 13:29 102400]

"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]

"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-02-19 00:31:33 65536]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-19 04:59:25 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnLBTM]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2008-02-18 20:19]

R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-07-11 18:01]

R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]

R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2008-02-19 00:20]

S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54]

*Newly Created Service* - ENTDRV51

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-19 20:34:41

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Action Script]

"ImagePath"="\"\""

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Apoint2K\ApntEx.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

.

**************************************************************************

.

Voltooingstijd: 2008-05-19 20:37:06 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-19 18:36:52

ComboFix2.txt 2008-05-19 16:55:49

Pre-Run: 58,158,592,000 bytes beschikbaar

Post-Run: 58,148,769,792 bytes beschikbaar

363 --- E O F --- 2008-05-16 21:45:13

---

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:39:40, on 19-05-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Planet - Planet Homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: {49ee7473-06d0-9329-5c84-d1558cbe6188} - {8816ebc8-551d-48c5-9239-0d603747ee94} - C:\WINDOWS\system32\fcqewsjn.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Monitor.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365513121

O17 - HKLM\System\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer = 195.121.1.34,195.121.1.66

O20 - Winlogon Notify: opnnLBTM - C:\WINDOWS\

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing)

O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 11561 bytes
